
CVE-2026-34934: PraisonAI SQL Injection Vulnerability (<4.5.90)

Platform: php

Component: praisonai

Fixed in: 4.5.90

CVE-2026-34934 describes a SQL Injection vulnerability affecting PraisonAI, a multi-agent teams system. Specifically, the `get_all_user_threads` function builds raw SQL queries from unescaped thread IDs, allowing an attacker to inject arbitrary SQL and gain full database access. This vulnerability affects PraisonAI versions prior to 4.5.90. The issue has been patched in version 4.5.90.

How to fix

Upgrade PraisonAI to version 4.5.90 or later to mitigate the second-order SQL injection vulnerability. Ensure that SQL queries are not built dynamically from unescaped data read back from the database. Validate and properly escape all user input before using it in SQL queries.
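As an added illustration of the defect class described above and in the fix guidance (this is not PraisonAI's own code; the in-memory schema, the `threads` table, the sample rows and the function names are assumptions), here is a `get_all_user_threads` that splices thread IDs read back from the database into raw SQL, beside a parameterized version. The IDs were written safely earlier, so the injection only fires on the second, dynamically built read query.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (assumption, not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE threads (thread_id TEXT, owner TEXT, title TEXT)")
    conn.executemany("INSERT INTO threads VALUES (?, ?, ?)", [
        ("t-1", "alice", "alice planning"),
        ("t-2", "bob", "bob private"),
        # Second-order case: this id was stored through a parameterized INSERT
        # (the write itself is safe), but it becomes a payload once it is read
        # back and spliced into a later query as raw text.
        ("t-3') OR ('1'='1", "alice", "alice notes"),
    ])
    return conn


def user_thread_ids(conn, user):
    """Look up a user's thread ids; this read is parameterized and safe."""
    rows = conn.execute("SELECT thread_id FROM threads WHERE owner = ?", (user,))
    return [r[0] for r in rows]


def get_all_user_threads_vulnerable(conn, user):
    """Defect pattern from the advisory: ids from the DB are concatenated into SQL."""
    ids = user_thread_ids(conn, user)
    in_list = ",".join(f"'{t}'" for t in ids)
    sql = f"SELECT thread_id, owner, title FROM threads WHERE thread_id IN ({in_list})"
    # The stored id closes the IN list and appends OR ('1'='1'): every row
    # in the table, including other users' threads, comes back.
    return conn.execute(sql).fetchall()


def get_all_user_threads_fixed(conn, user):
    """Hardened form: one '?' placeholder per id, values bound by the driver."""
    ids = user_thread_ids(conn, user)
    if not ids:
        return []
    placeholders = ",".join("?" * len(ids))
    sql = f"SELECT thread_id, owner, title FROM threads WHERE thread_id IN ({placeholders})"
    # The crafted id is now compared literally and matches only its own row.
    return conn.execute(sql, ids).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", get_all_user_threads_vulnerable(db, "alice"))
    print("fixed:     ", get_all_user_threads_fixed(db, "alice"))
```

Running the script shows the vulnerable query returning bob's row to alice, while the parameterized query returns only the two rows alice owns.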

Frequently asked questions

What is CVE-2026-34934?

CVE-2026-34934 is a critical SQL Injection vulnerability in PraisonAI that allows attackers to gain full database access by injecting malicious code via thread IDs.

Am I affected by CVE-2026-34934?

You are affected by CVE-2026-34934 if you are using PraisonAI version less than 4.5.90. This vulnerability allows attackers to inject malicious code.

How do I fix CVE-2026-34934?

To fix CVE-2026-34934, upgrade your PraisonAI installation to version 4.5.90 or later. This version contains a patch that resolves the SQL Injection vulnerability.

CVE-2026-34934: PraisonAI SQL Injection Vulnerability (<4.5.90) | NextGuard