CVE-2026-44339 · HIGH 8.6 · EPSS p28.0%

CVE-2026-44339

Description

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool list and the registry. With the default agent configuration, _perm_allow is None, so undeclared non-dangerous tool names are not rejected by the permission gate. An attacker who can influence tool-call names can therefore invoke unintended application callables that were never declared as tools. This issue has been patched in praisonai version 4.6.37 and praisonaiagents version 1.6.37.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS: 0.36% probability of exploitation · percentile 28.0% · 2026-06-18T12:00:27Z
Published: 2026-05-08
Last modified: 2026-05-08

Underlying weaknesses · 1

CWE-470

References

  1. https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-gmjg-hv98-qggq


Type | Target | Confidence | Tier
Weakness | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (cwe-470) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-44334
CVE: CVE-2026-40287
CVE: CVE-2026-34937
CVE: CVE-2026-34938
CVE: CVE-2026-41497
CVE: CVE-2026-34935
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.