All 37 CVE vulnerabilities found in PraisonAI, with AI-generated Chinese analysis, references, and POCs.
Vendor: MervinPraison

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-34952 | PraisonAI: Missing Authentication in WebSocket Gateway | CWE-306 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-34939 | PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() | CWE-1333 | 6.5 | Medium | 2026-04-03 |
| CVE-2026-34938 | PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code | CWE-693 | 10.0 | Critical | 2026-04-03 |
| CVE-2026-34937 | PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution | CWE-78 | 7.8 | High | 2026-04-03 |
| CVE-2026-34936 | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback | CWE-918 | 7.7 | High | 2026-04-03 |
| CVE-2026-34934 | PraisonAI: Second-Order SQL Injection in `get_all_user_threads` | CWE-89 | 9.8 | Critical | 2026-04-03 |
| CVE-2026-34935 | PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() | CWE-78 | 9.8 | Critical | 2026-04-03 |
