216.73.217.64

CVE-2026-39891

· Published 08/04/2026 21:17 · Modified 09/04/2026 14:16

Labels: CVE-2026-39891 2026-04-08CVE-2026-39891CWE-94[email protected]

Essential information

Published
08/04/2026 21:17
Modified
09/04/2026 14:16
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping, template expressions in the input are executed rather than treated as literal text. This vulnerability is fixed in 4.5.115.

NVD status

Status
Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
praisonai / praisonai cpe:2.3:a:praisonai:praisonai:<4.5.115:*:*:*:*:*:*:*

References