Product
high
advisory
PraisonAI Authentication Bypass via PRAISONAI_CALL_AUTH=disabled
2 rules 7 TTPsA high-severity authentication bypass vulnerability in PraisonAI versions prior to 4.6.61 allows unauthenticated attackers to invoke any registered agent by setting the `PRAISONAI_CALL_AUTH=disabled` environment variable, potentially leading to arbitrary code execution or system compromise.
praisonai
web-vulnerability
authentication-bypass
api-exploitation
misconfiguration
container
2r
7t
critical
advisory
PraisonAI `multiedit` Tool Vulnerability Allows Arbitrary File Read/Write and RCE
3 rules 5 TTPsA critical vulnerability in PraisonAI's `multiedit` tool, affecting versions prior to 4.6.61, enables threat actors to achieve arbitrary file read and write capabilities by influencing LLM agent tool arguments, leading to sensitive data exfiltration and potential remote code execution.
praisonai
LLM
AI
supply-chain
arbitrary-file-read
arbitrary-file-write
path-traversal
RCE
3r
5t