Package impact
PIP / PraisonAI
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44339 | high | 8.6 | 8.6 | 20d ago | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | |||
| CVE-2026-44340 | high | 7.5 | 7.5 | 20d ago | PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` | |||
| CVE-2026-44338 | high | 7.3 | 7.3 | 17d ago | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution |