| CVE-2026-44335 |
critical |
9.8 |
9.8 |
|
|
|
27d ago |
PraisonAI has an SSRF bypass |
| CVE-2026-44339 |
high |
8.6 |
8.6 |
|
|
|
27d ago |
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute |
| CVE-2026-41496 |
high |
8.1 |
8.1 |
|
|
|
27d ago |
PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) |
| CVE-2026-47392 |
unknown |
— |
— |
|
|
|
5d ago |
PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode) |
| CVE-2026-47395 |
unknown |
— |
— |
|
|
|
5d ago |
PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context |
| CVE-2026-47390 |
unknown |
— |
— |
|
|
|
5d ago |
PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings |
| CVE-2026-40289 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions |
| CVE-2026-40288 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAI has critical RCE via `type: job` workflow YAML |
| CVE-2026-40287 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAI Vulnerable to RCE via Automatic tools.py Import |
| CVE-2026-40160 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback |
| CVE-2026-40152 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary |
| CVE-2026-40153 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool |
| CVE-2026-40150 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool |
| CVE-2026-40117 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate |
| CVE-2026-40111 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py) |
| CVE-2026-39888 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode) |
| CVE-2026-34954 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL |
| CVE-2026-34937 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution |
| CVE-2026-34938 |
unknown |
— |
— |
|
|
|
2mo ago |
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code |
