HIGH🇵🇱 Wersja polska

CVE-2026-41496

CVSS 8.1v3.1pub. 2026-05-08upd. 2026-05-09

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass table_prefix straight into f-string SQL. Same root cause, same code pattern, same exploitation. 52 unvalidated injection points across the codebase. postgres.py additionally accepts an unvalidated schema parameter used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Praison Praisonai

    APP
    Praison
    < 4.6.9
  • Praison Praisonaiagents

    APP
    Praison
    < 1.6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2026-44336CRITICAL9.4PL ✓ten sam produkt

Path Traversal i RCE w PraisonAI MCP Server (serwer narzędzi plikowych)

CVE-2026-41497CRITICAL9.8PL ✓ten sam produkt

Command Injection w PraisonAI — brak walidacji poleceń MCP

CVE-2026-40288CRITICAL9.8PL ✓ten sam produkt

PraisonAI — RCE i command injection przez niezaufowane pliki YAML

CVE-2026-40289CRITICAL9.1PL ✓ten sam produkt

PraisonAI – nieuwierzytelnione przejęcie sesji przeglądarki przez WebSocket

CVE-2026-40313CRITICAL9.1PL ✓ten sam produkt

PraisonAI – wyciek tokenów GitHub przez atak ArtiPACKED w CI/CD