CPE

Cpe:2.3:a:praison:praisonai::::::::

3 briefs RSS

PraisonAI Unsafe Tool Resolution Vulnerability

PraisonAI resolves tool names against module globals and `__main__` after failing to match declared tools, allowing an attacker who can influence tool-call names to invoke unintended application callables, leading to potential unauthorized state changes and command execution.

PraisonAI +1 vulnerability code-execution ai-agent

2r 1t 1c 1h ago

high advisory

PraisonAI Symlink Extraction Bypass Vulnerability

2 rules 2 TTPs 1 CVE

PraisonAI versions 2.7.2 through 4.6.35 are vulnerable to an arbitrary file write due to improper validation of symlinks during archive extraction, affecting `recipe pull`, `recipe publish`, and `recipe unpack` flows.

PraisonAI symlink arbitrary file write path traversal attack.persistence attack.privilege_escalation

2r 2t 1c 1h ago

high advisory

PraisonAI Legacy API Server Authentication Bypass (CVE-2026-44338)

2 rules 1 TTP 1 CVE

PraisonAI ships a legacy Flask API server with authentication disabled by default, allowing any reachable caller to access `/agents` and trigger the configured `agents.yaml` workflow through `/chat` without providing a token (CVE-2026-44338).

PraisonAI authentication bypass API CVE-2026-44338

2r 1t 1c 1h ago

Cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*

PraisonAI Unsafe Tool Resolution Vulnerability

PraisonAI Symlink Extraction Bypass Vulnerability

PraisonAI Legacy API Server Authentication Bypass (CVE-2026-44338)

Cpe:2.3:a:praison:praisonai::::::::