PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.
References
| Link | Resource |
|---|---|
| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2 | Exploit Vendor Advisory |
History
08 May 2026, 19:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2 - Exploit, Vendor Advisory | |
| CPE | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* | |
| First Time | Praison praisonai; Praison |
08 May 2026, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2 - |
08 May 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-08 14:16
Updated : 2026-05-08 19:07
NVD link : CVE-2026-44337
Mitre link : CVE-2026-44337
CVE.ORG link : CVE-2026-44337
Products Affected
praison
- praisonai
