Description
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server. This vulnerability is fixed in 4.5.115.
Published: 2026-04-08
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from the AgentService.loadAgentFromFile method parsing YAML files with the js-yaml library without disabling dangerous tags such as !!js/function and !!js/undefined. This oversight permits an attacker to craft a malicious YAML file that, when parsed by the server, causes arbitrary JavaScript code to execute. The result is a remote code execution vulnerability that exposes the server to full compromise. Specifically, the weakness is categorized as improper deserialization of untrusted data (CWE-502).

Affected Systems

The affected product is PraisonAI, a multi‑agent teams system developed by MervinPraison. All releases prior to 4.5.115 are vulnerable. Versions 4.5.115 and later contain the fix and are not at risk.

Risk and Exploitability

The CVSS score of 9.8 indicates a high severity level, with nearly maximum potential impact on confidentiality, integrity, and availability. The EPSS score is not available, and the vulnerability is not currently listed in CISA’s KEV catalog, suggesting it has not yet been widely exploited. The likely attack vector is the API endpoint that accepts agent definition uploads; an attacker who can submit a malicious YAML file through this interface can trigger the vulnerability and obtain remote code execution on the server.

Generated by OpenCVE AI on April 8, 2026 at 22:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that includes version 4.5.115 or later to remediate the vulnerability.
  • Restrict access to the agent definition upload API endpoint to trusted users or services to prevent unauthorized uploads.
  • If immediate patching is not possible, consider disabling dangerous YAML tags in the js‑yaml configuration to mitigate execution of untrusted code.

Generated by OpenCVE AI on April 8, 2026 at 22:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-32vr-5gcf-3pw2 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
History

Wed, 15 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Praison
Praison praisonai
CPEs cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*
Vendors & Products Praison
Praison praisonai

Thu, 09 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Mervinpraison
Mervinpraison praisonai
Vendors & Products Mervinpraison
Mervinpraison praisonai

Wed, 08 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Description PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server. This vulnerability is fixed in 4.5.115.
Title PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Mervinpraison Praisonai
Praison Praisonai
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-09T16:16:51.923Z

Reserved: 2026-04-07T20:32:03.011Z

Link: CVE-2026-39890

cve-icon Vulnrichment

Updated: 2026-04-09T14:52:48.391Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T21:17:01.267

Modified: 2026-04-15T17:56:13.590

Link: CVE-2026-39890

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:27:14Z

Weaknesses