CVE-2026-39891
HIGHPraisonAI <4.5.115 Agent Tool Definitions - Template Injection
Title source: manualDescription
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping, template expressions in the input are executed rather than treated as literal text. This vulnerability is fixed in 4.5.115.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-hwg5-x759-7wjg
Scores
CVSS v3
8.8
EPSS
0.0056
EPSS Percentile
41.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (3)
MervinPraison/PraisonAI
< 4.5.115
praison/praisonai
< 4.5.114
pypi/praisonai
0 - 4.5.115PyPI
Published
Apr 08, 2026
Tracked Since
Apr 09, 2026