Praison Praisonaiagents — known CVE vulnerabilities
Every CVE whose affected-product data names Praison Praisonaiagents, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2026-34938 — CVSS 10.0 (critical): PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside…
CVE-2026-44335 — CVSS 9.8 (critical): PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be…
CVE-2026-40288 — CVSS 9.8 (critical): PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is…
CVE-2026-40289 — CVSS 9.1 (critical): PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge…
CVE-2026-40111 — CVSS 8.8 (high): PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled…
CVE-2026-44339 — CVSS 8.6 (high): PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves…
CVE-2026-34954 — CVSS 8.6 (high): PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination…
CVE-2026-40287 — CVSS 8.4 (high): PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic…
CVE-2026-41496 — CVSS 8.1 (high): PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315…
CVE-2026-34937 — CVSS 7.8 (high): PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by…
CVE-2026-40150 — CVSS 7.7 (high): PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py…
CVE-2026-40153 — CVSS 7.4 (high): PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars()…
CVE-2026-40160 — CVSS 6.5 (medium): PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to…
CVE-2026-40117 — CVSS 6.2 (medium): PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from…
CVE-2026-40152 — CVSS 5.3 (medium): PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter…