{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40156/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-40156"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI"],"_cs_severities":["high"],"_cs_tags":["cve-2026-40156","code-execution","praisonai"],"_cs_type":"advisory","_cs_vendors":["PraisonAI"],"content_html":"\u003cp\u003ePraisonAI, a multi-agent teams system, is susceptible to arbitrary code execution in versions prior to 4.5.128. This vulnerability stems from the application's automatic loading of a \u003ccode\u003etools.py\u003c/code\u003e file from the current working directory. This loading process leverages \u003ccode\u003eimportlib.util.spec_from_file_location\u003c/code\u003e and immediately executes module-level code using \u003ccode\u003espec.loader.exec_module()\u003c/code\u003e without any user consent, validation, or sandboxing mechanisms. The vulnerability arises because \u003ccode\u003etools.py\u003c/code\u003e is loaded implicitly, even if not referenced in any configuration files. An attacker who can place a malicious \u003ccode\u003etools.py\u003c/code\u003e file in a directory where PraisonAI is executed can achieve arbitrary code execution upon startup. This vulnerability violates the expected security boundary and makes automated systems running PraisonAI susceptible to compromise. The vulnerability is identified as CVE-2026-40156 and is resolved in version 4.5.128.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a system running a vulnerable version of PraisonAI (versions prior to 4.5.128).\u003c/li\u003e\n\u003cli\u003eThe attacker gains write access to a directory where PraisonAI is executed. This could be achieved through various means, such as exploiting a separate vulnerability or leveraging existing access.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious \u003ccode\u003etools.py\u003c/code\u003e file containing arbitrary code.\u003c/li\u003e\n\u003cli\u003eThe attacker places the malicious \u003ccode\u003etools.py\u003c/code\u003e file into the PraisonAI working directory.\u003c/li\u003e\n\u003cli\u003ePraisonAI is started (either manually or automatically, such as through a scheduled task or CI/CD pipeline).\u003c/li\u003e\n\u003cli\u003ePraisonAI automatically loads the \u003ccode\u003etools.py\u003c/code\u003e file using \u003ccode\u003eimportlib.util.spec_from_file_location\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe code within \u003ccode\u003etools.py\u003c/code\u003e is immediately executed via \u003ccode\u003espec.loader.exec_module()\u003c/code\u003e, granting the attacker arbitrary code execution within the context of the PraisonAI process.\u003c/li\u003e\n\u003cli\u003eThe attacker's code can perform actions such as installing malware, creating new user accounts, or exfiltrating sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40156 allows an attacker to execute arbitrary code on the affected system. This could lead to complete system compromise, including data theft, malware installation, and denial of service. The severity is high due to the ease of exploitation (simply placing a file in a directory) and the potential for significant damage. Victims would likely include organizations utilizing PraisonAI in automated or user-driven workflows.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PraisonAI to version 4.5.128 or later to patch CVE-2026-40156.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls on directories where PraisonAI is executed to prevent unauthorized file creation, mitigating the impact of CVE-2026-40156.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PraisonAI tools.py Execution\u003c/code\u003e to identify instances where a \u003ccode\u003etools.py\u003c/code\u003e file is loaded from unexpected locations.\u003c/li\u003e\n\u003cli\u003eEnable process monitoring and auditing to detect suspicious activity originating from PraisonAI processes following exploitation of CVE-2026-40156.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-praisonai-code-exec/","summary":"PraisonAI versions before 4.5.128 are vulnerable to arbitrary code execution due to the automatic loading and execution of a 'tools.py' file from the current working directory without proper validation or user consent, potentially allowing attackers to execute malicious code by placing a rogue file in a PraisonAI execution directory.","title":"PraisonAI Arbitrary Code Execution Vulnerability (CVE-2026-40156)","url":"https://feed.craftedsignal.io/briefs/2024-01-praisonai-code-exec/"}],"language":"en","title":"CraftedSignal Threat Feed - Cve-2026-40156","version":"https://jsonfeed.org/version/1.1"}