CVE-2026-60090

MervinPraison · PraisonAI

PraisonAI fails to validate the dimension argument in its knowledge-store backends, enabling SQL/CQL injection via specially crafted strings.

Executive summary

An unauthenticated SQL/CQL injection vulnerability in PraisonAI allows attackers to execute arbitrary database commands via the knowledge-store API.

Vulnerability

This is an SQL injection vulnerability (CWE-89) where the 'dimension' argument is improperly neutralized. Attackers can inject malicious SQL/CQL tokens into the database statement, leading to unauthorized data manipulation or deletion.

Business impact

The vulnerability allows for total control over database operations, including the ability to drop tables or exfiltrate sensitive information. With a CVSS score of 9.8, the potential for data loss and severe operational disruption is critical, necessitating immediate remediation.

Remediation

Immediate Action: Update PraisonAI to version 4.6.78 or later to incorporate input validation fixes.

Proactive Monitoring: Monitor database query logs for anomalous syntax, specifically looking for injected SQL tokens like DROP, UNION, or comment syntax (--).

Compensating Controls: Utilize database-level permissions to restrict the application user's access, ensuring the service account cannot drop tables or access sensitive schemas.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Given the ease of exploitation and the severity of SQL injection, upgrading to the patched version is essential. Verify that the update has been applied successfully and audit database logs for any signs of prior unauthorized access attempts.