SQL Injection in MervinPraison PraisonAI

CVE-2026-40315

PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concatenated into SQL queries via f-strings wit…
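One way to keep a configurable table prefix out of the SQL text, shown as an added example; it is not PraisonAI's code and not the fix shipped in 4.5.133. `DemoConversationStore`, `safe_table_name`, the `demo_` default and the prefix allowlist are hypothetical names and assumptions chosen for illustration.

```python
import re
import sqlite3

# Assumption: a prefix is a short ASCII identifier (letters, digits, underscore).
_PREFIX_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,31}")


def safe_table_name(table_prefix, suffix):
    """Return a quoted table name, or raise if the prefix is not a plain identifier."""
    if not isinstance(table_prefix, str) or not _PREFIX_RE.fullmatch(table_prefix):
        raise ValueError(f"invalid table_prefix: {table_prefix!r}")
    # Quoting is defence in depth; the allowlist already excludes quote characters.
    return '"' + table_prefix + suffix + '"'


class DemoConversationStore:
    """Hypothetical store for illustration, not PraisonAI's SQLiteConversationStore."""

    def __init__(self, conn, table_prefix="demo_"):
        self.conn = conn
        # Validate once at construction so no query ever sees the raw prefix.
        self.messages = safe_table_name(table_prefix, "messages")
        self.conn.execute(f"CREATE TABLE IF NOT EXISTS {self.messages} "
                          "(id INTEGER PRIMARY KEY, session_id TEXT, content TEXT)")

    def add(self, session_id, content):
        sql = f"INSERT INTO {self.messages} (session_id, content) VALUES (?, ?)"
        self.conn.execute(sql, (session_id, content))  # values are always bound

    def history(self, session_id):
        sql = f"SELECT content FROM {self.messages} WHERE session_id = ? ORDER BY id"
        return [r[0] for r in self.conn.execute(sql, (session_id,))]


def demo():
    conn = sqlite3.connect(":memory:")
    store = DemoConversationStore(conn, "app1_")
    store.add("s1", "hello")
    rejected = []
    # Constructed prefixes that are not plain identifiers; each must be refused.
    for bad in ['x" (a); --', "a b", "", "p;q", "é_"]:
        try:
            DemoConversationStore(conn, bad)
        except ValueError:
            rejected.append(bad)
    return store.history("s1"), len(rejected)
```

Identifiers cannot be bound as `?` parameters in SQLite, which is why the prefix is allowlisted rather than parameterised.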

Vulnerability class: SQL Injection

EPSS: 0.000 (13.9th percentile)

Affected products

Weakness classification (CWE)

References