praison security advisories
9 threat alerts tracking vulnerabilities and security advisories that affect praison products.
Vulnios monitors praison CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent praison security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-44335 — praison — praisonaiagents
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has be
critical | CVE-2026-44335

Critical Vulnerability: CVE-2026-44336 — praison — praisonai
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.
critical | CVE-2026-44336

Critical Vulnerability: CVE-2026-41497 — praison — praisonai
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing a
critical | CVE-2026-41497

Critical Vulnerability: CVE-2026-40154 — praison — praisonai
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confir
critical | CVE-2026-40154

Critical Vulnerability: CVE-2026-39888 — praison — praisonai
PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a
critical | CVE-2026-39888

Critical Vulnerability: CVE-2026-39890 — praison — praisonai
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/functio
critical | CVE-2026-39890

Critical Vulnerability: CVE-2026-34934 — praison — praisonai
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An a
critical | CVE-2026-34934

Critical Vulnerability: CVE-2026-34935 — praison — praisonai
PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_pro
critical | CVE-2026-34935

Critical Vulnerability: CVE-2026-34938 — praison — praisonaiagents
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing
critical | CVE-2026-34938