CVE-2026-44339

Name of the Vulnerable Software and Affected Versions praisonai versions prior to 4.6.37 praisonaiagents versions prior to 1.6.37

Description PraisonAI is a multi-agent teams system. The praisonaiagents component resolves unresolved tool names against module globals and main after failing to match the declared tool list and the registry. Because the default agent configuration sets perm allow to None, undeclared non-dangerous tool names are not rejected by the permission gate. This allows an attacker capable of influencing tool-call names to invoke unintended application callables that were not declared as tools.

Recommendations Update praisonai to version 4.6.37. Update praisonaiagents to version 1.6.37.