PT-2026-39004 · Praisonai · Praisonai

Shmulc8 · Published 2026-05-08 · Updated 2026-05-11 · CVE-2026-44337

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
PraisonAI versions 2.4.1 through 4.6.33

Description
PraisonAI is a multi-agent teams system that exposes optional SQL/CQL-backed knowledge-store implementations. These implementations build table and index identifiers using unvalidated name and collection arguments. Applications passing untrusted collection names into these backends can trigger SQL or CQL injection, which occurs when malicious SQL or CQL statements are inserted into entry fields for execution.

Recommendations
Update to version 4.6.34.
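
The identifier problem in the description, shown as an added example that is not PraisonAI's code: placeholders cannot bind table or index names, so a collection name has to pass an allow-list before it is used in DDL. The sqlite3 backend, the function names, the kb_ prefix and the 48-character limit are assumptions made for this illustration.

```python
import re
import sqlite3

# Allow-list: letter or underscore first, then letters, digits or underscores.
# The 48-character limit is an assumption for this example.
_IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,47}")


def safe_identifier(value):
    """Return value unchanged if it is a plain identifier, else raise ValueError."""
    if not isinstance(value, str) or not _IDENT_RE.fullmatch(value):
        raise ValueError(f"invalid identifier: {value!r}")
    return value


def create_collection_unsafe(conn, collection):
    """Pattern the advisory describes: the identifier is interpolated unchecked."""
    # executescript is used here so the effect of a stacked statement is visible.
    conn.executescript(f"CREATE TABLE IF NOT EXISTS kb_{collection} (id TEXT, body TEXT);")


def create_collection_safe(conn, collection):
    """Validate first, then quote the identifier in the table and index DDL."""
    table = f"kb_{safe_identifier(collection)}"
    conn.execute(f'CREATE TABLE IF NOT EXISTS "{table}" (id TEXT PRIMARY KEY, body TEXT)')
    conn.execute(f'CREATE INDEX IF NOT EXISTS "{table}_id_idx" ON "{table}" (id)')
    return table


def table_names(conn):
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return sorted(r[0] for r in rows)


def demo():
    # Constructed input: a collection name that carries a second statement.
    hostile = "docs (id TEXT); DROP TABLE accounts; --"
    results = {}
    for label, create in (("unsafe", create_collection_unsafe), ("safe", create_collection_safe)):
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE accounts (name TEXT)")
        try:
            create(conn, hostile)
            rejected = False
        except ValueError:
            rejected = True
        results[label] = (rejected, "accounts" in table_names(conn))
        conn.close()
    return results
```

demo() returns, for each variant, whether the name was rejected and whether the unrelated accounts table is still present afterwards.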

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-44337
GHSA-3643-7V76-5CJ2

Affected Products

Praisonai