Back to CVE List

CVE-2026-44337

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vulnerability Description

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-20
Source
NVD
Vendor
MervinPraison
Product
PraisonAI

External References

Discussion (0)

Add Comment

No comments yet. Be the first!