CVE-2026-40315

PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers cannot be safely parameterized, an attacker who controls the table_prefix value (e.g., through from_yaml or from_dict configuration input) can inject arbitrary SQL fragments that alter query structure. This enables unauthorized data access, such as reading internal SQLite tables like sqlite_master, and manipulation of query results through techniques like UNION-based injection. The vulnerability propagates from configuration input in config.py, through factory.py, to the SQL query construction in sqlite.py. Exploitation requires the ability to influence configuration input, and successful exploitation leads to internal schema disclosure and full query result tampering. This issue has been fixed in version 4.5.133.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/MervinPraison/PraisonAI/commit/0accebb2e3c3ec2fca66bbea0444fb7a35f0b4ef	Patch
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp	Exploit Vendor Advisory
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*

History

20 Apr 2026, 17:38

Type	Values Removed	Values Added
References	~~() https://github.com/MervinPraison/PraisonAI/commit/0accebb2e3c3ec2fca66bbea0444fb7a35f0b4ef -~~	() https://github.com/MervinPraison/PraisonAI/commit/0accebb2e3c3ec2fca66bbea0444fb7a35f0b4ef - Patch
References	~~() https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp -~~	() https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp - Exploit, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Praison Praison praisonai
CPE		cpe:2.3:a:praison:praisonai::::::::

14 Apr 2026, 14:16

Type	Values Removed	Values Added
References	~~() https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp -~~	() https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x783-xp3g-mqhp -

14 Apr 2026, 04:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-14 04:17

Updated : 2026-04-20 17:38

NVD link : CVE-2026-40315

Mitre link : CVE-2026-40315

CVE.ORG link : CVE-2026-40315

JSON object : View

Products Affected

praison

praisonai

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

9.8 /10