PT-2026-31786 · Unknown · Praisonaiagents

Published 2026-04-09 · Updated 2026-04-10 · CVE-2026-40117

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PraisonAIAgents versions prior to 1.5.128

Description

PraisonAIAgents is a multi-agent teams system. The read_skill_file() function in skill_tools.py allows reading arbitrary files from the filesystem due to an unrestricted skill_path parameter. Unlike file_tools.read_file, which enforces workspace boundary confinement, and unlike run_skill_script, which requires critical-level approval, read_skill_file lacks these protections. An agent influenced by prompt injection can exfiltrate sensitive files without triggering any approval prompt.

Recommendations

Update PraisonAIAgents to version 1.5.128 or later.
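
The workspace boundary confinement that the description says read_skill_file lacks, shown as an added example; this is not PraisonAIAgents code or its patch. The function names, the exception class and the temporary directory layout are hypothetical, and the files are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


class OutsideWorkspace(PermissionError):
    """Requested path resolves outside the allowed root."""


def resolve_confined(root: str, requested: str) -> Path:
    """Return the real path of `requested` only if it stays under `root`."""
    root_real = Path(root).resolve(strict=True)
    # Joining with an absolute `requested` discards root_real, and resolve()
    # collapses '..' and follows symlinks, so the check sees the real target.
    candidate = (root_real / requested).resolve()
    # is_relative_to compares whole components, so /ws-evil is not treated
    # as a child of /ws the way a str.startswith() prefix check would.
    if not candidate.is_relative_to(root_real):
        raise OutsideWorkspace(f"{requested!r} resolves outside {root_real}")
    return candidate


def read_unconfined(skill_path: str) -> str:
    """Unconfined pattern: opens whatever path the caller supplies."""
    return Path(skill_path).read_text(encoding="utf-8")


def read_confined(root: str, skill_path: str) -> str:
    """Confined pattern: resolve, check the boundary, then read."""
    return resolve_confined(root, skill_path).read_text(encoding="utf-8")


def demo() -> dict:
    """Probe a constructed workspace with four path shapes."""
    base = Path(tempfile.mkdtemp())
    ws, secret = base / "skills", base / "secret.txt"
    ws.mkdir()
    (ws / "SKILL.md").write_text("skill notes", encoding="utf-8")
    secret.write_text("token", encoding="utf-8")   # constructed, outside root
    os.symlink(secret, ws / "link.md")             # symlink leaving the root
    probes = {"relative": "SKILL.md", "dotdot": "../secret.txt",
              "absolute": str(secret), "symlink": "link.md"}
    results = {}
    for label, path in probes.items():
        try:
            results[label] = read_confined(str(ws), path)
        except OutsideWorkspace:
            results[label] = "DENIED"
    return results
```

The boundary check and the read are separate steps, so this sketch does not address a symlink being swapped in between them, and it does not model the approval prompt the description mentions for run_skill_script.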

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-40117
GHSA-GRRG-5CG9-58PF

Affected Products

Praisonaiagents