HIGH🇵🇱 Wersja polska

CVE-2026-40149

CVSS 7.9v3.1pub. 2026-04-09upd. 2026-04-20

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool names (e.g., shell_exec, file_write) to the allowlist, an attacker can cause the ExecApprovalManager to auto-approve all future agent invocations of those tools, bypassing the human-in-the-loop safety mechanism that the approval system is specifically designed to enforce. This vulnerability is fixed in 4.5.128.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
  • Praison Praisonai

    APP
    Praison
    < 4.5.128
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-44336CRITICAL9.4PL ✓ten sam produkt

Path Traversal i RCE w PraisonAI MCP Server (serwer narzędzi plikowych)

CVE-2026-41497CRITICAL9.8PL ✓ten sam produkt

Command Injection w PraisonAI — brak walidacji poleceń MCP

CVE-2026-40288CRITICAL9.8PL ✓ten sam produkt

PraisonAI — RCE i command injection przez niezaufowane pliki YAML

CVE-2026-40289CRITICAL9.1PL ✓ten sam produkt

PraisonAI – nieuwierzytelnione przejęcie sesji przeglądarki przez WebSocket

CVE-2026-40313CRITICAL9.1PL ✓ten sam produkt

PraisonAI – wyciek tokenów GitHub przez atak ArtiPACKED w CI/CD

CVE-2026-40149 — Praison — Praisonai — HIGH — CVSS 7.9 | CVEbaza.pl