Platform
python
Component
praisonai
Fixed in
4.5.129
CVE-2026-40156 describes a code execution vulnerability in PraisonAI, a multi-agent teams system. This flaw allows an attacker to execute arbitrary code by simply placing a malicious 'tools.py' file in the working directory. The vulnerability impacts versions 4.5.127 and earlier, and a patch is available in version 4.5.128.
The impact of this vulnerability is significant. An attacker can gain complete control over the PraisonAI instance by crafting a malicious 'tools.py' file. This file will be automatically loaded and executed without any user interaction or validation. The attacker could then execute arbitrary commands on the system running PraisonAI, potentially leading to data theft, system compromise, or denial of service. The lack of sandboxing or explicit user consent makes exploitation straightforward, especially in environments where the working directory is not carefully controlled.
This vulnerability was publicly disclosed on 2026-04-10. Currently, there are no known active campaigns exploiting this vulnerability, but the ease of exploitation suggests it could become a target. No public proof-of-concept code has been released at the time of writing, but the vulnerability's simplicity makes it likely that one will emerge. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.03% (7% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade PraisonAI to version 4.5.128 or later, which addresses this vulnerability. If upgrading is not immediately feasible, consider restricting access to the working directory where PraisonAI is running to prevent unauthorized file placement. Implement strict file permission controls to prevent users from creating or modifying files named 'tools.py' in the working directory. While a direct WAF rule is unlikely to be effective, monitoring the execution of 'importlib.util' and 'exec_module' within the PraisonAI process could provide an early warning of potential exploitation.
Update PraisonAI to version 4.5.128 or later to prevent the implicit execution of arbitrary code through the automatic loading of the tools.py file. Ensure that the tools.py file is not present in the working directory if not explicitly required.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-40156 is a code execution vulnerability in PraisonAI versions 4.5.127 and below, allowing attackers to execute arbitrary code by placing a malicious 'tools.py' file in the working directory.
You are affected if you are using PraisonAI versions 4.5.127 or earlier. Upgrade to version 4.5.128 to resolve the vulnerability.
Upgrade PraisonAI to version 4.5.128 or later. As a temporary workaround, restrict access to the working directory and prevent unauthorized file modifications.
There are currently no confirmed reports of active exploitation, but the vulnerability's simplicity makes it a potential target.
Refer to the PraisonAI official website or security mailing list for the latest advisory regarding CVE-2026-40156.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.