CVE-2026-56077

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-668

Source

NVD

Vendor

PraisonAI

Product

PraisonAI

External References

https://github.com/MervinPraison/PraisonAI
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-766v-q9x3-g744
https://www.vulncheck.com/advisories/praisonai-information-disclosure-via-shared-multiagentledger-state

CVE-2026-56077

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment