PT-2026-31810 · Praisonai · Praisonai

Published: 2026-04-09 · Updated: 2026-04-12 · CVE-2026-40154

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PraisonAI versions prior to 4.5.128

Description

PraisonAI is a multi-agent teams system. Prior to version 4.5.128, the software treats remotely fetched template files as trusted executable code without performing integrity verification, origin validation, or user confirmation. This can enable supply chain attacks through malicious templates. Attackers can potentially hijack AI workflows by serving malicious templates from compromised sources.

Recommendations

Update to version 4.5.128 or later.
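
The three controls the description names as missing (origin validation, integrity verification, user confirmation) can be applied in that order before a fetched template is handed to any loader. The following is an added example, not PraisonAI's code or its actual fix; the host, URL, pinned digest and function names are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: a template body and the policy that pins it.
SAMPLE_TEMPLATE = b"name: demo\nsteps:\n  - summarize\n"
SAMPLE_URL = "https://templates.example.org/demo.yaml"  # hypothetical source
ALLOWED_HOSTS = {"templates.example.org"}
PINNED_SHA256 = {SAMPLE_URL: hashlib.sha256(SAMPLE_TEMPLATE).hexdigest()}


class TemplateRejected(Exception):
    """Raised when a fetched template must not be loaded."""


def vet_template(url, body, confirm):
    """Return body only if origin, integrity and confirmation checks all pass.

    url     -- where the bytes were fetched from
    body    -- the fetched bytes (not yet parsed or executed)
    confirm -- callable(url, sha256_hex) -> bool, the user's decision
    """
    parts = urlsplit(url)
    # 1. Origin validation: HTTPS only, host on an explicit allowlist.
    #    parts.hostname ignores any userinfo, so "allowed@other" is rejected.
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise TemplateRejected("origin not allowed")
    # 2. Integrity verification: bytes must match a digest pinned in advance.
    actual = hashlib.sha256(body).hexdigest()
    expected = PINNED_SHA256.get(url)
    if expected is None or not hmac.compare_digest(expected, actual):
        raise TemplateRejected("no pinned digest or digest mismatch")
    # 3. User confirmation: show what is about to be loaded and let them refuse.
    if not confirm(url, actual):
        raise TemplateRejected("user declined")
    return body


def rejection_reason(url, body, confirm):
    """Convenience wrapper: None if accepted, otherwise the rejection text."""
    try:
        vet_template(url, body, confirm)
        return None
    except TemplateRejected as exc:
        return str(exc)
```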

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2026-40154
GHSA-PV9Q-275H-RH7X

Affected Products

Praisonai