PT-2026-32592 · Praisonai · Praisonai

L3Tchupkt · Published 2026-04-10 · Updated 2026-06-07 · CVE-2026-40287

CVSS v3.1: 8.4 (High) · Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.139

Description: PraisonAI is a multi-agent teams system that allows arbitrary code execution due to the automatic and unsanitized import of a tools.py file from the current working directory. This occurs when launching certain components, including the CLI tool-loading paths, the import_tools_from_file() function in call.py, and the load_local_tools() function in tool_resolver.py. An attacker who can place a malicious tools.py file in the directory where the system is launched—such as through a shared project, cloned repository, or writable workspace—can execute arbitrary Python code in the host environment. This leads to the full compromise of the process, the host system, and any connected data or credentials.

Recommendations: Update to version 4.5.139. As a temporary workaround, ensure that no untrusted tools.py files exist in the working directory where the software is launched.
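The weakness described above is an untrusted search path: a plugin file is discovered implicitly in whatever directory the process happens to start in, so anyone who can write to that directory controls code that runs in the host. The following is an added example, not PraisonAI's code and not taken from the fix, that places the risky pattern next to one defensive alternative: load a tools module only from a path the operator configured explicitly, and only if that path resolves inside a trusted root. The function names, the UntrustedToolsPath error type and the demo() harness are assumptions made for this illustration; the tools.py files it writes are constructed sample inputs that only set a MARKER constant.

```python
"""Illustrative hardening of "import tools.py from the working directory".

Added example; not PraisonAI's own code. unsafe_load_tools() mirrors the
behaviour the advisory describes (implicit import of whatever tools.py sits in
the current working directory). safe_load_tools() shows one defensive
alternative: no implicit discovery, and the configured path must resolve inside
an operator-chosen trusted root. Names and the error type are assumptions.
"""
import importlib.util
import tempfile
from pathlib import Path
from types import ModuleType
from typing import Optional


class UntrustedToolsPath(Exception):
    """Raised when a tools module path is not explicitly trusted (assumed name)."""


def _import_from_path(name: str, path: Path) -> ModuleType:
    """Execute a Python file as a module and return it (runs its top-level code)."""
    spec = importlib.util.spec_from_file_location(name, path)
    if spec is None or spec.loader is None:
        raise ImportError(f"cannot build an import spec for {path}")
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def unsafe_load_tools(cwd: Optional[Path] = None) -> Optional[ModuleType]:
    """The risky pattern: import tools.py from the working directory if present.

    Whoever controls the directory the process starts in controls this code.
    """
    path = (cwd or Path.cwd()) / "tools.py"
    if not path.is_file():
        return None
    return _import_from_path("tools", path)


def safe_load_tools(configured_path: Optional[str], trusted_root: Path) -> Optional[ModuleType]:
    """Load a tools module only from an explicitly configured, trusted location.

    - No configured path: load nothing (no implicit discovery of tools.py).
    - resolve() follows symlinks and collapses '..', so a path that escapes
      trusted_root through either trick is rejected.
    - The target must be a regular file.
    """
    if not configured_path:
        return None
    root = Path(trusted_root).resolve()
    path = Path(configured_path).resolve()
    if not path.is_relative_to(root):
        raise UntrustedToolsPath(f"{configured_path} resolves outside {root}")
    if not path.is_file():
        raise UntrustedToolsPath(f"{path} is not a regular file")
    return _import_from_path("tools", path)


def demo() -> dict:
    """Exercise both loaders on constructed sample files and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as trusted, tempfile.TemporaryDirectory() as workspace:
        trusted_root = Path(trusted)
        workspace_dir = Path(workspace)
        # Constructed inputs: an operator-installed tools module, and a tools.py
        # dropped into a simulated working directory. Both are harmless and only
        # set MARKER so the demo can tell which file was executed.
        (trusted_root / "tools.py").write_text('MARKER = "trusted"\n')
        (workspace_dir / "tools.py").write_text('MARKER = "workspace"\n')

        # Risky loader happily executes the file found in the working directory.
        results["unsafe_loads_workspace_file"] = unsafe_load_tools(workspace_dir).MARKER
        # Hardened loader: explicit path inside the trusted root is accepted.
        results["safe_trusted"] = safe_load_tools(str(trusted_root / "tools.py"), trusted_root).MARKER
        # Hardened loader: nothing configured, nothing loaded.
        results["safe_no_config"] = safe_load_tools(None, trusted_root)
        # Hardened loader: a file outside the root is refused, even when configured.
        try:
            safe_load_tools(str(workspace_dir / "tools.py"), trusted_root)
            results["safe_rejects_workspace"] = False
        except UntrustedToolsPath:
            results["safe_rejects_workspace"] = True
        # Hardened loader: '..' traversal out of the root is refused after resolve().
        traversal = str(trusted_root / ".." / workspace_dir.name / "tools.py")
        try:
            safe_load_tools(traversal, trusted_root)
            results["safe_rejects_traversal"] = False
        except UntrustedToolsPath:
            results["safe_rejects_traversal"] = True
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The design point is that the decision about which file runs moves from the filesystem layout at launch time (which a shared project, cloned repository or writable workspace can influence) to an explicit operator setting checked against a fixed root. The same approach is the basis of the temporary workaround in the recommendations: if no path is configured, nothing is imported, so a stray tools.py in the working directory has no effect.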

Tags: Exploit · Fix · RCE · Code Injection · Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2026-40287
GHSA-G985-WJH9-QXXC

Affected Products

Praisonai