Platform: python
Component: praisonai
Fixed in: 4.5.116, 4.5.115
CVE-2026-39891 describes a Remote Code Execution (RCE) vulnerability in praisonai versions up to 4.5.98. This vulnerability arises from the direct insertion of unescaped user input into template-rendering tools, enabling attackers to execute arbitrary code. The vulnerability impacts users of praisonai running versions 4.5.98 and earlier, and a fix is available in version 4.5.115.
An attacker can exploit this vulnerability by crafting malicious agent instructions that include template expressions. These expressions, when processed by praisonai's template rendering tools, will be executed, allowing the attacker to execute arbitrary code on the affected system. This could lead to complete system compromise, including data theft, modification, or destruction. The potential impact is significant, as an attacker could gain full control of the system running praisonai. The vulnerability's reliance on agent instructions suggests a potential attack vector through any interface where users can provide input to the agent.
CVE-2026-39891 was publicly disclosed on 2026-04-08. The vulnerability's exploitation context is currently unclear, and there are no known public proof-of-concept exploits. The CVSS score of 8.8 (HIGH) indicates a significant potential for exploitation. It is not listed on the CISA KEV catalog as of this writing.
Exploit Status
EPSS: 0.05% (17th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-39891 is to upgrade praisonai to version 4.5.115 or later, which includes the necessary fixes to prevent the vulnerability. If upgrading immediately is not possible, consider implementing input validation and sanitization on user-provided agent instructions to prevent the injection of malicious template expressions. Specifically, ensure all user input is properly escaped before being passed to the template rendering engine. While a direct WAF rule is difficult without specific expression patterns, a general rule blocking unusual characters or patterns in agent instructions could provide a temporary layer of defense. After upgrading, verify the fix by attempting to create an agent with a crafted instruction containing template expressions; the system should reject the instruction or render it as literal text, not execute it.
Update PraisonAI to version 4.5.115 or higher to mitigate the template injection vulnerability. This version fixes the issue by properly escaping user input before using it in template rendering.
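The following is an added example, not code from praisonai or from this advisory, showing the interim mitigation and the post-upgrade check described above in plain Python: user-supplied agent instructions are refused when they carry template delimiters, and otherwise are passed to a fixed prompt template as a variable rather than spliced into the template source, so any delimiters inside them are emitted verbatim. The delimiter set, the prompt layout, and the use of the standard-library `string.Template` are assumptions, since the advisory does not name the template engine praisonai uses; the version helper only handles plain dotted versions.

```python
"""Added example: interim handling of user-supplied agent instructions.

Illustrative code written for this page, not praisonai's code. It uses
Python's standard-library string.Template so it runs with no dependencies;
the delimiter set and the prompt layout are assumptions, since the advisory
does not name the template engine.
"""
import re
from string import Template

# Version boundaries stated in the advisory.
AFFECTED_MAX_VERSION = (4, 5, 98)
FIXED_VERSION = (4, 5, 115)


def parse_version(version: str) -> tuple:
    """Parse a plain dotted version such as '4.5.98' into a comparable tuple.
    Pre-release suffixes are not handled; this suffices for the range check."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(installed_version: str) -> bool:
    """True when the installed praisonai version falls within the affected range."""
    return parse_version(installed_version) <= AFFECTED_MAX_VERSION


# Delimiters of common template syntaxes ({{ }}, {% %}, {# #}, ${ }); assumed set.
TEMPLATE_DELIMITERS = re.compile(r"\{\{|\}\}|\{%|%\}|\{#|#\}|\$\{")


def contains_template_syntax(text: str) -> bool:
    """Interim validation rule: flag instructions that carry template delimiters."""
    return TEMPLATE_DELIMITERS.search(text) is not None


# The prompt template is fixed in code. User text only ever arrives as the
# value of the $instructions placeholder and is never spliced into the source.
AGENT_PROMPT = Template("You are a helpful agent.\nInstructions: $instructions\n")


def render_agent_prompt(user_instructions: str, reject_template_syntax: bool = True) -> str:
    """Render the prompt with user text treated as data.

    With reject_template_syntax=True (the temporary mitigation), instructions
    carrying template delimiters are refused. Either way the value is substituted
    in a single pass, so delimiters inside it are emitted verbatim, not evaluated.
    """
    if reject_template_syntax and contains_template_syntax(user_instructions):
        raise ValueError("agent instructions contain template syntax and were rejected")
    return AGENT_PROMPT.safe_substitute(instructions=user_instructions)


def renders_literally(crafted_instructions: str) -> bool:
    """Post-upgrade check from the advisory: a crafted instruction must appear
    verbatim in the rendered prompt rather than being evaluated."""
    rendered = render_agent_prompt(crafted_instructions, reject_template_syntax=False)
    return crafted_instructions in rendered


if __name__ == "__main__":
    print("4.5.98 affected:", is_affected("4.5.98"))
    print("4.5.115 affected:", is_affected("4.5.115"))
    # Constructed sample instruction that happens to carry template delimiters.
    sample = "Summarize ${report} and {{ settings }}"
    print("flagged by interim rule:", contains_template_syntax(sample))
    print("rendered as literal text:", renders_literally(sample))
```

The `reject_template_syntax` flag corresponds to the temporary measure (reject), while `renders_literally` corresponds to the verification step (render as literal text); a real deployment would keep the fixed template in code and never build template source from request data.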
CVE-2026-39891 is a Remote Code Execution vulnerability in praisonai versions up to 4.5.98, allowing attackers to execute arbitrary code through unescaped user input in agent instructions.
You are affected if you are using praisonai version 4.5.98 or earlier. Check your version and upgrade immediately.
Upgrade praisonai to version 4.5.115 or later. As a temporary measure, implement input validation and sanitization on user-provided agent instructions.
There are currently no confirmed reports of active exploitation, but the HIGH severity score indicates a significant potential for exploitation.
Refer to the official praisonai security advisory for detailed information and updates: [Replace with actual advisory URL when available]