Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: praison Clear
ID Title
CVE-2026-44340 Path Traversal in PraisonAI (CVE-2026-44340)
path traversal in PraisonAI (CVE-2026-44340). Data can be tampered with by attackers. Exploitable via ``_safe_extractall``. Mitigation: upgrade to `4.6.37` or later.
CVE-2026-44334 Code Injection in praisonai (CVE-2026-44334)
code injection in praisonai (CVE-2026-44334). Successful exploitation can lead to full system takeover. Exploitable via `POST /v1/recipes/run`. Mitigation: upgrade to `4.5.139` or later.
CVE-2026-44335 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
CVE-2026-44336 Vulnerability in praison (CVE-2026-44336)
vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via ``praisonai.rules.create``.
CVE-2026-44337 Vulnerability in PraisonAI (CVE-2026-44337)
vulnerability in PraisonAI (CVE-2026-44337). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `4.6.34` or later.
CVE-2026-44338 Vulnerability in PraisonAI (CVE-2026-44338)
vulnerability in PraisonAI (CVE-2026-44338). Risk of unauthorized operations or information disclosure. Exploitable via `POST /chat`. Mitigation: upgrade to `4.6.34` or later.
CVE-2026-44339 Vulnerability in praisonaiagents (CVE-2026-44339)
vulnerability in praisonaiagents (CVE-2026-44339). Data can be tampered with by attackers. Exploitable via ``praisonaiagents``. Mitigation: upgrade to `1.6.37` or later.
CVE-2026-41496 SQL Injection in praisonai (CVE-2026-41496)
SQL injection in praisonai (CVE-2026-41496). Confidential information can be exposed externally. Exploitable via ``SQLiteConversationStore``. Mitigation: upgrade to `4.5.149` or later.
CVE-2026-41497 Command Injection in praison (CVE-2026-41497)
command injection in praison (CVE-2026-41497). Successful exploitation can lead to full system takeover. Exploitable via ``bash``. Mitigation: upgrade to `>= 4.6.9` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →