CVE-2026-39890

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.115

Description PraisonAI's AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags like !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server. The vulnerable code is located in src/agents/agent.service.ts at line 55. A proof-of-concept (PoC) involves creating a YAML file with a !!js/function tag to execute arbitrary commands, such as touch /tmp/pwned, when the agent is loaded. This can lead to complete compromise of the server, data theft, or further network penetration.

Recommendations Replace the unsafe load method with a safe alternative, using the load method with a safe schema, such as JSON SCHEMA or DEFAULT SAFE SCHEMA. For example:

import yaml from 'js-yaml';
import { JSON SCHEMA } from 'js-yaml';

// In the loadAgentFromFile method
const agent = yaml.load(fileContent, { schema: JSON SCHEMA });