{"api_version":"1","generated_at":"2026-05-09T13:11:33+00:00","cve":"CVE-2026-44337","urls":{"html":"https://cve.report/CVE-2026-44337","api":"https://cve.report/api/cve/CVE-2026-44337.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-44337","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-44337"},"summary":{"title":"PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries","description":"PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.","state":"PUBLISHED","assigner":"GitHub_M","published_at":"2026-05-08 14:16:46","updated_at":"2026-05-08 19:07:00"},"problem_types":["CWE-20","CWE-89","CWE-20 CWE-20: Improper Input Validation","CWE-89 CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":[{"version":"3.1","source":"security-advisories@github.com","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"}}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2","name":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-44337","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44337","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"MervinPraison","product":"PraisonAI","version":"affected >= 2.4.1, < 4.6.34","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"44337","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"praison","cpe5":"praisonai","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-44337","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-08T14:19:43.732132Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-08T14:19:46.766Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"PraisonAI","vendor":"MervinPraison","versions":[{"status":"affected","version":">= 2.4.1, < 4.6.34"}]}],"descriptions":[{"lang":"en","value":"PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20: Improper Input Validation","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-89","description":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-08T13:33:51.716Z","orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M"},"references":[{"name":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2","tags":["x_refsource_CONFIRM"],"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2"}],"source":{"advisory":"GHSA-3643-7v76-5cj2","discovery":"UNKNOWN"},"title":"PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries"}},"cveMetadata":{"assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","assignerShortName":"GitHub_M","cveId":"CVE-2026-44337","datePublished":"2026-05-08T13:33:51.716Z","dateReserved":"2026-05-05T19:52:59.147Z","dateUpdated":"2026-05-08T14:19:46.766Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-08 14:16:46","lastModifiedDate":"2026-05-08 19:07:00","problem_types":["CWE-20","CWE-89","CWE-20 CWE-20: Improper Input Validation","CWE-89 CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.1","versionEndExcluding":"4.6.34","matchCriteriaId":"F79D7BF9-B663-444D-BBBB-9FF829581137"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"44337","Ordinal":"1","Title":"PraisonAI knowledge-store backends interpolate unvalidated colle","CVE":"CVE-2026-44337","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"44337","Ordinal":"1","NoteData":"PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.","Type":"Description","Title":"PraisonAI knowledge-store backends interpolate unvalidated colle"}]}}}