CVE-2026-41496

HIGH

PraisonAI < 4.6.9 Conversation Store Backends - SQL Injection

Title source: manual

Description

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends (MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB) pass table_prefix straight into f-string SQL. The root cause, code pattern and exploitation path are the same as in CVE-2026-40315, with 52 unvalidated injection points across the codebase in total. postgres.py additionally accepts an unvalidated schema parameter that is used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.
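The advisory's point is that a table prefix (and, for postgres.py, a schema name) is an SQL identifier, and identifiers cannot be passed as bound query parameters, so interpolating them into an f-string without validation is injectable. The example below is added here to illustrate that pattern and its hardened counterpart; it is not code from PraisonAI. The function names, the `conversations` table layout and the identifier policy (leading letter or underscore, then letters, digits or underscores, at most 63 characters) are assumptions for illustration.

```python
import re
import sqlite3
from typing import Optional

# Assumed allow-list policy for configuration-supplied SQL identifiers (not
# PraisonAI's own rule): a leading letter or underscore, then letters, digits
# or underscores, capped at 63 characters (PostgreSQL's identifier limit).
_IDENTIFIER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def is_safe_identifier(value) -> bool:
    """True if value is a bare SQL identifier under the policy above."""
    return isinstance(value, str) and _IDENTIFIER_RE.fullmatch(value) is not None


def validate_identifier(value: str, what: str = "identifier") -> str:
    """Return value unchanged if it is a safe identifier, otherwise raise.

    Identifiers (table names, prefixes, schemas) cannot be bound as query
    parameters, so an allow-list check before interpolation is the reliable
    defence when they must appear in DDL or DML text.
    """
    if not is_safe_identifier(value):
        raise ValueError(f"invalid SQL {what}: {value!r}")
    return value


def create_table_sql_unsafe(table_prefix: str) -> str:
    """The vulnerable pattern the advisory describes: the prefix goes straight
    into an f-string, so any non-identifier text becomes part of the statement.
    Hypothetical table layout, not PraisonAI's."""
    return (
        f"CREATE TABLE IF NOT EXISTS {table_prefix}conversations "
        f"(id TEXT PRIMARY KEY, payload TEXT)"
    )


def create_table_sql(table_prefix: str, schema: Optional[str] = None) -> str:
    """Hardened form: prefix and optional schema are validated, then quoted."""
    prefix = validate_identifier(table_prefix, "table_prefix") if table_prefix else ""
    table = f'"{prefix}conversations"'
    if schema is not None:
        # Mirrors the schema parameter the advisory mentions for postgres.py:
        # it is an identifier too, so it gets the same check before use in DDL.
        table = f'"{validate_identifier(schema, "schema")}".' + table
    return f"CREATE TABLE IF NOT EXISTS {table} (id TEXT PRIMARY KEY, payload TEXT)"


def store_message(conn: sqlite3.Connection, table_prefix: str, msg_id: str, payload: str) -> None:
    """Row values are bound as parameters; only the validated identifier is interpolated."""
    prefix = validate_identifier(table_prefix, "table_prefix") if table_prefix else ""
    conn.execute(
        f'INSERT INTO "{prefix}conversations" (id, payload) VALUES (?, ?)',
        (msg_id, payload),
    )


def demo() -> int:
    """Create a prefixed table in an in-memory SQLite database, store one row
    whose payload contains quote characters, and return the row count."""
    conn = sqlite3.connect(":memory:")
    conn.execute(create_table_sql("agent_"))
    # Constructed sample payload; because it is bound, its quotes stay data.
    store_message(conn, "agent_", "m1", "O'Brien said 'hi'")
    return conn.execute('SELECT COUNT(*) FROM "agent_conversations"').fetchone()[0]


if __name__ == "__main__":
    print(create_table_sql("agent_", schema="app"))
    print("rows stored:", demo())
```

The check belongs in the store's constructor, once per backend, so every later query inherits a prefix that has already been vetted; validating at the point of use, as the sibling backends in the advisory failed to do, is where individual call sites get missed.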

References (1)


Scores

CVSS v3 8.1
EPSS 0.0001
EPSS Percentile 2.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (6)
MervinPraison/PraisonAI praisonai < 4.6.9
MervinPraison/PraisonAI praisonaiagents < 1.6.9
praison/praisonai < 4.6.9
praison/praisonaiagents < 1.6.9
pypi/praisonai 0 - 4.5.149 (PyPI)
pypi/praisonaiagents 0 - 1.6.8 (PyPI)
Published May 08, 2026
Tracked Since May 08, 2026