Plattform
python
Komponente
praisonai
Behoben in
4.5.129
CVE-2026-40156 describes a code execution vulnerability in PraisonAI, a multi-agent teams system. This flaw allows an attacker to execute arbitrary code by simply placing a malicious 'tools.py' file in the working directory. The vulnerability impacts versions 4.5.127 and earlier, and a patch is available in version 4.5.128.
The impact of this vulnerability is significant. An attacker can achieve remote code execution (RCE) on the system running PraisonAI simply by controlling the working directory. This allows them to execute arbitrary commands, potentially leading to complete system compromise, data theft, or denial of service. The implicit loading of 'tools.py' without user consent or validation makes exploitation straightforward, requiring no complex configuration or interaction beyond file placement. This vulnerability shares similarities with other file-loading vulnerabilities where untrusted code is executed without proper sanitization.
This vulnerability was publicly disclosed on 2026-04-10. Exploitation is relatively straightforward, requiring only the ability to place a file named 'tools.py' in the working directory. The vulnerability is not currently listed on the CISA KEV catalog, but its ease of exploitation warrants careful monitoring. No public proof-of-concept exploits have been released as of this writing.
Organizations using PraisonAI for agent-based automation or AI development are at risk, particularly those with less stringent access controls to the system's working directory. Shared hosting environments or deployments where multiple users have write access to the working directory are especially vulnerable.
• linux / server: Monitor process execution for importlib.util and exec_module within the PraisonAI process using journalctl or auditd.
journalctl -u praisonai | grep -i 'importlib.util'• python: Check for the existence of a 'tools.py' file in the PraisonAI working directory.
import os
if os.path.exists('tools.py'):
print('Potential vulnerability: tools.py found')• generic web: Monitor access logs for requests that might indicate attempts to place or access 'tools.py' in the working directory.
disclosure
Exploit-Status
EPSS
0.03% (7% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to upgrade PraisonAI to version 4.5.128 or later, which addresses the vulnerability by implementing proper validation and sandboxing for loaded modules. If an immediate upgrade is not possible, consider restricting access to the PraisonAI working directory to prevent unauthorized file placement. Implement a WAF rule to block requests containing 'tools.py' in the URL or POST data. Monitor system logs for suspicious activity related to module loading and execution. After upgrade, confirm by attempting to place a dummy 'tools.py' file in the working directory and verifying that it is not automatically executed.
Aktualisieren Sie PraisonAI auf Version 4.5.128 oder höher, um die implizite Ausführung von beliebigem Code über das automatische Laden der tools.py-Datei zu vermeiden. Stellen Sie sicher, dass die tools.py-Datei nicht im Arbeitsverzeichnis vorhanden ist, wenn sie nicht explizit benötigt wird.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-40156 is a code execution vulnerability in PraisonAI versions 4.5.127 and below, allowing attackers to execute arbitrary code by placing a malicious 'tools.py' file in the working directory.
You are affected if you are using PraisonAI versions 4.5.127 or earlier. Upgrade to version 4.5.128 to resolve the vulnerability.
Upgrade PraisonAI to version 4.5.128 or later. As a temporary workaround, restrict access to the working directory and prevent unauthorized file modifications.
There are currently no confirmed reports of active exploitation, but the vulnerability's simplicity makes it a potential target.
Refer to the PraisonAI official website or security mailing list for the latest advisory regarding CVE-2026-40156.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine requirements.txt-Datei hoch und wir sagen dir sofort, ob du betroffen bist.