Mervinpraison Praisonaiagents
10 CVEs affecting Mervinpraison Praisonaiagents. Latest disclosed: 2026-04-14. Critical: 3, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-39888 | Critical | 10.0 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs… |
| CVE-2026-40288 | Critical | 9.8 | 2026-04-14 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary… |
| CVE-2026-40289 | Critical | 9.1 | 2026-04-14 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is… |
| CVE-2026-40287 | High | 8.4 | 2026-04-14 | PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools… |
| CVE-2026-40150 | High | 7.7 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs fr… |
| CVE-2026-40153 | High | 7.4 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command arg… |
| CVE-2026-40117 | Medium | 6.2 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by acce… |
| CVE-2026-40152 | Medium | 5.3 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools validates the directory parameter against workspace boundari… |
| CVE-2026-40160 | | | 2026-04-10 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get()… |
| CVE-2026-40111 | | | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly t… |