VIR Vulnerability Intelligence Relay

Package impact

PIP / praisonai

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-41497 critical 9.8 9.8 20d ago PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
CVE-2026-39890 critical 9.5 2mo ago PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
CVE-2026-44334 high 8.4 8.4 20d ago PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
CVE-2026-41496 high 8.1 8.1 20d ago PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)