Praison Praisonai
8 CVEs affecting Praison Praisonai. Latest disclosed: 2026-05-08. Critical: 2, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-41497 | Critical | 9.8 | 2026-05-08 | PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument vali… |
CVE-2026-44336 | Critical | 9.6 | 2026-05-08 | PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-han… |
CVE-2026-44339 | High | 8.6 | 2026-05-08 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names a… |
CVE-2026-44334 | High | 8.4 | 2026-05-08 | PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_… |
CVE-2026-41496 | High | 8.1 | 2026-05-08 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation… |
CVE-2026-44340 | High | 7.5 | 2026-05-08 | PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows rou… |
CVE-2026-44338 | High | 7.3 | 2026-05-08 | PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by… |
CVE-2026-44337 | Medium | 6.3 | 2026-05-08 | PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations… |