CVE-2026-39890
CRITICAL
PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
Title source: cna
Description
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server. This vulnerability is fixed in 4.5.115.
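A defender-side pre-check for the issue described above, added here as an example and not code from PraisonAI: it scans an agent definition for YAML tags outside a small allowlist before the text reaches any parser (the fix itself is to parse with js-yaml's safe schema, `safeLoad()` in v3 or the default `load()` in v4; this check adds a second layer and a log signal). The sample definitions and the function names are constructed for this example.

```javascript
// Added example (not PraisonAI project code): reject an agent definition
// that carries YAML tags outside an allowlist, before any parser sees it.

// Tags a plain agent definition legitimately needs (YAML core schema).
const ALLOWED_TAGS = new Set([
  '!!str', '!!int', '!!float', '!!bool', '!!null', '!!seq', '!!map',
]);

// Return every tag token found outside quoted scalars and comments.
function extractTags(yamlText) {
  const found = [];
  yamlText.split(/\r?\n/).forEach((line, idx) => {
    let quote = null;          // active quote character, or null
    let prev = ' ';            // previous character (start of line counts as space)
    for (let i = 0; i < line.length; i++) {
      const ch = line[i];
      if (quote) {
        if (ch === '\\' && quote === '"') { i++; }   // skip escaped char
        else if (ch === quote) { quote = null; }     // end of quoted scalar
      } else if (ch === '"' || ch === "'") {
        quote = ch;
      } else if (ch === '#' && /\s/.test(prev)) {
        break;                                       // rest of line is a comment
      } else if (ch === '!' && /[\s\[{,]/.test(prev)) {
        const m = line.slice(i).match(/^![^\s\[\]{},]*/);
        found.push({ line: idx + 1, tag: m[0] });
        i += m[0].length - 1;
      }
      prev = ch;
    }
  });
  return found;
}

// Accept only definitions whose tags are all on the allowlist.
function checkAgentDefinition(yamlText) {
  const rejected = extractTags(yamlText).filter((t) => !ALLOWED_TAGS.has(t.tag));
  return { ok: rejected.length === 0, rejected };
}

// Constructed samples: a benign definition, and the same file with the
// !!js/undefined tag named in the advisory (harmless here, no code body).
const BENIGN = [
  'name: "researcher # not a comment"',
  "role: 'analyst'",
  'tools: [search, !!str 42]   # !!str is a core tag',
].join('\n');
const TAGGED = BENIGN + '\nhook: !!js/undefined';

console.log(checkAgentDefinition(BENIGN));  // { ok: true, rejected: [] }
console.log(checkAgentDefinition(TAGGED));  // ok: false, rejected line 4 '!!js/undefined'
```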
Scores
CVSS v3: 9.8
EPSS: 0.0038
EPSS Percentile: 59.2%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-502
Status: published
Products (3)
MervinPraison/PraisonAI: < 4.5.115
praison/praisonai: < 4.5.114
pypi/praisonai (PyPI): 0 - 4.5.115
Published: Apr 08, 2026
Tracked Since: Apr 09, 2026