CVE-2026-56074— PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1530 · Data from Cloud StorageGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-56074
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching
Source: NVD (National Vulnerability Database)
Vulnerability Description
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell commands without user consent.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-56074
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-56074
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-56074 (2)
Same Patch Batch · PraisonAI · 2026-06-18 · 5 CVEs total
| CVE-2026-56078 | 8.8 HIGH | PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor |
| CVE-2026-56075 | 8.8 HIGH | PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override |
| CVE-2026-56076 | 8.1 HIGH | PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentic |
| CVE-2026-56077 | 6.5 MEDIUM | PraisonAI - Information Disclosure via Shared MultiAgentLedger State |
IV. Related Vulnerabilities
Same product: PraisonAI
- CVE-2026-56078
PraisonAI - Arbitrary File Read and Write via Path Traversal - CVE-2026-56077
PraisonAI - Information Disclosure via Shared MultiAgentLedg - CVE-2026-56076
PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildc - CVE-2026-56075
PraisonAI - Arbitrary Shell Command Execution via Hardcoded - CVE-2026-44340
PraisonAI: Symlink-extraction bypass of `_safe_extractall` w
Same vendor: PraisonAI
Same weakness: CWE-863
- CVE-2026-47339
Apache APISIX: authz-casdoor incorrect session sharing - CVE-2026-56075
PraisonAI - Arbitrary Shell Command Execution via Hardcoded - CVE-2026-10741
Nexus Repository Manager - Incorrect Authorization allows cr - CVE-2026-54803
WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Pr - CVE-2026-32967
Apache DolphinScheduler: The `/v2` experimental interface la
V. Comments for CVE-2026-56074
No comments yet