| CVE-2026-41497 |
critical |
9.8 |
9.8 |
|
|
|
20d ago |
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection |
| CVE-2026-44336 |
critical |
9.6 |
9.6 |
|
|
|
20d ago |
PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection |
| CVE-2026-39890 |
critical |
— |
9.5 |
|
|
|
2mo ago |
PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading |
| CVE-2026-44339 |
high |
8.6 |
8.6 |
|
|
|
20d ago |
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute |
| CVE-2026-44334 |
high |
8.4 |
8.4 |
|
|
|
20d ago |
PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass) |
| CVE-2026-41496 |
high |
8.1 |
8.1 |
|
|
|
20d ago |
PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) |
| CVE-2026-44340 |
high |
7.5 |
7.5 |
|
|
|
20d ago |
PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` |
| CVE-2026-44338 |
high |
7.3 |
7.3 |
|
|
|
17d ago |
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution |
| CVE-2026-44337 |
medium |
6.3 |
6.3 |
|
|
|
17d ago |
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries |