Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.
Published: 2026-04-09
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

PraisonAI processes template files that it retrieves from remote URLs, treating them as trusted executable code without verifying their integrity, validating their source, or seeking user consent. Because of this lack of validation, an attacker can supply a malicious template that the system will execute, providing remote code execution with full control over the application and its underlying environment. This vulnerability is classified as CWE‑829, representing untrusted code execution stemming from insecure handling of external artifacts.

Affected Systems

The flaw affects all installations of PraisonAI running a version earlier than 4.5.128. The only vendor identified is MervinPraison, whose PraisonAI product implements the vulnerable template processing logic. Versions 4.5.128 and later include the necessary safeguards to prevent execution of unverified remote templates.

Risk and Exploitability

The CVSS score of 9.3 signals a severe risk, indicating that an attacker that can influence the remote location of a template can run arbitrary code on the target system. Exploitation requires no authentication and no user interaction, as the system automatically fetches and executes the template during normal operation. EPSS data is not provided, and the vulnerability is not yet listed in the CISA Known Exploited Vulnerabilities catalog, though its high severity suggests that it could be a target for future supply‑chain attacks.

Generated by OpenCVE AI on April 9, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PraisonAI to version 4.5.128 or newer.

Generated by OpenCVE AI on April 9, 2026 at 23:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-pv9q-275h-rh7x PraisonAI Vulnerable Untrusted Remote Template Code Execution
History

Wed, 15 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Praison
Praison praisonai
CPEs cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*
Vendors & Products Praison
Praison praisonai

Fri, 10 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Mervinpraison
Mervinpraison praisonai
Vendors & Products Mervinpraison
Mervinpraison praisonai

Thu, 09 Apr 2026 22:00:00 +0000

Type Values Removed Values Added
Description PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.
Title PraisonAI Affected by Untrusted Remote Template Code Execution
Weaknesses CWE-829
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}

Subscriptions

Mervinpraison Praisonai
Praison Praisonai
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-10T17:09:03.403Z

Reserved: 2026-04-09T19:31:56.013Z

Link: CVE-2026-40154

cve-icon Vulnrichment

Updated: 2026-04-10T17:08:58.223Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-09T22:16:36.503

Modified: 2026-04-15T18:56:45.710

Link: CVE-2026-40154

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:27:45Z

Weaknesses