CVE-2026-40154

PraisonAI · PraisonAI

PraisonAI fails to validate the integrity or origin of remotely fetched template files, enabling supply chain attacks by executing malicious code.

Executive summary

A critical supply chain vulnerability in PraisonAI allows for arbitrary code execution by treating unverified, remotely fetched templates as trusted executable code.

Vulnerability

The application suffers from a lack of integrity verification and origin validation when processing remotely fetched template files. This allows an attacker to inject malicious templates that the system subsequently executes without user confirmation or validation.

Business impact

The ability to inject and execute arbitrary code via malicious templates creates a severe supply chain risk, potentially leading to unauthorized data access, service disruption, and total system compromise. With a CVSS score of 9.3, this flaw necessitates immediate remediation to prevent attackers from gaining persistent access to the server or integrated environments.

Remediation

Immediate Action: Upgrade the PraisonAI system to version 4.5.128 or later to incorporate the necessary integrity and validation checks.

Proactive Monitoring: Monitor for unexpected outbound network connections from the PraisonAI application to untrusted endpoints and audit logs for unusual template file processing events.

Compensating Controls: Implement strict egress filtering on the application server to prevent the fetching of templates from unauthorized or unknown external domains.

Exploitation status

Public Exploit Available: No

Analyst recommendation

This vulnerability represents a significant supply chain risk that could be leveraged for widespread system compromise. Security teams should immediately verify their current PraisonAI version and apply the patch to ensure all template processing is subjected to rigorous integrity verification.