PT-2026-31993 · Praisonai · Praisonai

Published: 2026-04-10 · Updated: 2026-04-10 · CVE-2026-40156

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.128
Description: PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This process uses importlib.util.spec_from_file_location and immediately executes module-level code via spec.loader.exec_module() without user consent, validation, or sandboxing. The tools.py file is loaded implicitly, even if not referenced in configuration files. Placing a malicious tools.py file in the working directory allows for arbitrary code execution upon startup, before any agent logic begins. This introduces a software supply chain risk, potentially affecting CI/CD pipelines, shared development environments, and AI workflow automation systems. Successful exploitation can lead to arbitrary command execution and credential exfiltration.
Recommendations: Update to version 4.5.128 or later.
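
A hardened alternative to the implicit load described above, as an added example (not PraisonAI's code and not the fix shipped in 4.5.128). The names load_tools and UntrustedToolsFile and the digest-pinning policy are assumptions made for illustration: tools.py runs only when the caller supplies a SHA-256 pin that matches the file.

```python
import hashlib
import hmac
import tempfile
import types
from pathlib import Path


class UntrustedToolsFile(Exception):
    """tools.py is present but has not been explicitly approved."""


def load_tools(workdir, approved_sha256=None):
    """Load <workdir>/tools.py only if its SHA-256 matches a pinned digest.

    Returns None when there is no tools.py, the module when the digest
    matches, and raises UntrustedToolsFile otherwise. No code from the
    file runs before the check passes.
    """
    path = Path(workdir) / "tools.py"
    if path.is_symlink():
        raise UntrustedToolsFile(f"{path} is a symlink; refusing to follow it")
    if not path.is_file():
        return None
    # Read once: the bytes that are hashed are the bytes that get executed,
    # so the file cannot be swapped between the check and the load.
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    if approved_sha256 is None:
        raise UntrustedToolsFile(f"{path} found but not approved (sha256={digest})")
    if not hmac.compare_digest(digest, approved_sha256.lower()):
        raise UntrustedToolsFile(f"{path} digest {digest} does not match the pin")
    module = types.ModuleType("tools")
    module.__file__ = str(path)
    exec(compile(data, str(path), "exec"), module.__dict__)
    return module


if __name__ == "__main__":
    # Constructed sample: a harmless tools.py in a scratch directory.
    workdir = Path(tempfile.mkdtemp())
    source = b"def greet(name):\n    return 'hello ' + name\n"
    (workdir / "tools.py").write_bytes(source)
    try:
        load_tools(workdir)  # implicit load: refused
    except UntrustedToolsFile as exc:
        print("refused:", exc)
    tools = load_tools(workdir, hashlib.sha256(source).hexdigest())
    print(tools.greet("agent"))
```

The refusal message includes the observed digest, so a CI job that trips on an unexpected tools.py leaves a record of exactly which file content was present.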

Exploit

Fix

Untrusted Search Path

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-40156
GHSA-2G3W-CPC4-CHR4

Affected Products

Praisonai