Package impact
PIP / PraisonAI
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44336 | critical | 9.6 | 9.6 | 20d ago | PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection | |
| CVE-2026-44339 | high | 8.6 | 8.6 | 20d ago | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | |
| CVE-2026-44340 | high | 7.5 | 7.5 | 20d ago | PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` | |
| CVE-2026-44338 | high | 7.3 | 7.3 | 17d ago | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | |
| CVE-2026-44337 | medium | 6.3 | 6.3 | 17d ago | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries |