| CVE-2026-41497 |
critical |
9.8 |
9.8 |
|
|
|
27d ago |
PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection |
| CVE-2026-44336 |
critical |
9.6 |
9.6 |
|
|
|
27d ago |
PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection |
| CVE-2026-39890 |
critical |
— |
9.5 |
|
|
|
2mo ago |
PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading |
| CVE-2026-47397 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI has an Arbitrary File Write in Python API |
| CVE-2026-47391 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution |
| CVE-2026-47394 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate |
| CVE-2026-47392 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode) |
| CVE-2026-47395 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context |
| CVE-2026-47393 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default |
| CVE-2026-47396 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset |
| CVE-2026-47390 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings |
| CVE-2026-47398 |
unknown |
— |
— |
|
|
|
6d ago |
PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334 |
