Known Vulnerabilities for products from Praison
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Praison".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40157 json | Not Provided | 2026-04-10 | 2026-04-14 | |
| CVE-2026-40154 json | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted execut... | Not Provided | 2026-04-09 | 2026-04-15 |
| CVE-2026-40088 json | PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are expo... | Not Provided | 2026-04-09 | 2026-04-16 |
| CVE-2026-39890 json | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library... | Not Provided | 2026-04-08 | 2026-04-15 |
| CVE-2026-39889 json | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes a... | Not Provided | 2026-04-08 | 2026-04-15 |
| CVE-2026-39308 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded recip... | Not Provided | 2026-04-07 | 2026-04-16 |
| CVE-2026-39307 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Z... | Not Provided | 2026-04-07 | 2026-04-16 |
| CVE-2026-39306 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled... | Not Provided | 2026-04-07 | 2026-04-16 |
| CVE-2026-39305 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vulnerab... | Not Provided | 2026-04-07 | 2026-04-16 |
| CVE-2026-35615 json | PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collapses .... | Not Provided | 2026-04-07 | 2026-04-16 |
| CVE-2026-34955 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOL... | Not Provided | 2026-04-04 | 2026-04-14 |
| CVE-2026-34954 json | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the ... | Not Provided | 2026-04-03 | 2026-04-13 |
| CVE-2026-34953 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token no... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-34952 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections ... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-34939 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied stri... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-34938 json | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled... | Not Provided | 2026-04-03 | 2026-04-14 |
| CVE-2026-34937 json | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string... | Not Provided | 2026-04-03 | 2026-04-14 |
| CVE-2026-34936 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a call... | Not Provided | 2026-04-03 | 2026-04-14 |
| CVE-2026-34935 json | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed direc... | Not Provided | 2026-04-03 | 2026-04-14 |
| CVE-2026-34934 json | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL querie... | Not Provided | 2026-04-03 | 2026-04-14 |