Impact
The vulnerability is a second-order SQL injection in PraisonAI's get_all_user_threads function. Inside the function, raw SQL queries are built with f-strings that embed thread IDs retrieved from the database without escaping or parameterization. An attacker can store a malicious thread ID via the update_thread endpoint; when the application later fetches the thread list, the stored value is spliced into a query and the injected payload is executed, giving the attacker unrestricted access to the database. This flaw is classified as CWE-89 and can compromise data confidentiality and integrity.
Affected Systems
The affected product is PraisonAI, developed by MervinPraison. All releases prior to version 4.5.90 implement the vulnerable logic in get_all_user_threads. The issue is triggered through the update_thread operation and is fixed by the patch shipped with version 4.5.90, which sanitizes thread IDs before inclusion in SQL statements.
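To make the second-order pattern and the fix concrete, here is an added Python example; it is not PraisonAI's code. It builds a constructed sqlite schema, a get_all_user_threads that splices stored thread IDs into an f-string query the way the Impact section describes, the parameterized version beside it, and an allowlist check on the update path. The table names, the allowlist pattern and the function signatures are assumptions.

```python
import re
import sqlite3

# Constructed stand-in for PraisonAI's thread tables (not the project's real schema).
SCHEMA = """
CREATE TABLE threads (thread_id TEXT PRIMARY KEY, user_id TEXT NOT NULL);
CREATE TABLE messages (thread_id TEXT, body TEXT);
"""
THREAD_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed allowlist for thread IDs

def user_thread_ids(conn, user_id):
    return [r[0] for r in conn.execute("SELECT thread_id FROM threads WHERE user_id = ?", (user_id,))]

def get_all_user_threads_vulnerable(conn, user_id):
    """Second-order pattern: IDs read back from the DB are spliced into a later query."""
    results = {}
    for tid in user_thread_ids(conn, user_id):
        # The stored value becomes SQL text, so whatever update_thread stored is parsed as SQL.
        rows = conn.execute(f"SELECT body FROM messages WHERE thread_id = '{tid}'").fetchall()
        results[tid] = [body for (body,) in rows]
    return results

def get_all_user_threads_fixed(conn, user_id):
    """Parameterized: stored IDs are bound as values and never parsed as SQL."""
    results = {}
    for tid in user_thread_ids(conn, user_id):
        rows = conn.execute("SELECT body FROM messages WHERE thread_id = ?", (tid,)).fetchall()
        results[tid] = [body for (body,) in rows]
    return results

def update_thread_fixed(conn, thread_id, user_id):
    """Write-side hardening: refuse IDs outside the allowlist instead of storing them."""
    if not THREAD_ID_RE.fullmatch(thread_id):
        return False
    conn.execute("INSERT OR REPLACE INTO threads VALUES (?, ?)", (thread_id, user_id))
    return True

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + "INSERT INTO threads VALUES ('t1', 'alice');"
                       "INSERT INTO messages VALUES ('t1', 'hello');")
    conn.execute("INSERT INTO threads VALUES (?, ?)", ("t2'x", "alice"))  # unchecked write path
    try:
        get_all_user_threads_vulnerable(conn, "alice")
        parsed_as_sql = False
    except sqlite3.OperationalError:  # the quote in the stored ID broke the query: it ran as SQL
        parsed_as_sql = True
    fixed = get_all_user_threads_fixed(conn, "alice")
    rejected = not update_thread_fixed(conn, "t2'x", "alice")
    return parsed_as_sql, fixed, rejected
```

Running demo() shows the three outcomes side by side: the f-string query treats a stored ID containing a quote as SQL and fails, the parameterized query treats it as plain data, and the allowlisted update path never stores it in the first place.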
Risk and Exploitability
The CVSS score of 9.8 classifies this flaw as Critical, indicating that an attacker can fully compromise the database. The EPSS score is less than 1%, suggesting that exploit attempts are currently rare. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker needs the ability to send a request that stores a malicious thread ID via update_thread, but no additional privileges or pre-existing session are required beyond normal API access. The likely attack vector is the API or web interface that accepts thread updates. The patch in version 4.5.90 removes the injection vector.
OpenCVE Enrichment
Github GHSA