CVE-2026-40154
PraisonAI · PraisonAI
PraisonAI fails to validate the integrity or origin of remotely fetched template files, enabling supply chain attacks by executing malicious code.
Executive summary
A critical supply chain vulnerability in PraisonAI allows for arbitrary code execution by treating unverified, remotely fetched templates as trusted executable code.
Vulnerability
The application suffers from a lack of integrity verification and origin validation when processing remotely fetched template files. This allows an attacker to inject malicious templates that the system subsequently executes without user confirmation or validation.
Business impact
The ability to inject and execute arbitrary code via malicious templates creates a severe supply chain risk, potentially leading to unauthorized data access, service disruption, and total system compromise. With a CVSS score of 9.3, this flaw necessitates immediate remediation to prevent attackers from gaining persistent access to the server or integrated environments.
Remediation
Immediate Action: Upgrade the PraisonAI system to version 4.5.128 or later to incorporate the necessary integrity and validation checks.
Proactive Monitoring: Monitor for unexpected outbound network connections from the PraisonAI application to untrusted endpoints and audit logs for unusual template file processing events.
Compensating Controls: Implement strict egress filtering on the application server to prevent the fetching of templates from unauthorized or unknown external domains.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability represents a significant supply chain risk that could be leveraged for widespread system compromise. Security teams should immediately verify their current PraisonAI version and apply the patch to ensure all template processing is subjected to rigorous integrity verification.