CVE-2026-56077

MEDIUM

PraisonAI - Information Disclosure via Shared MultiAgentLedger State

Title source: cna

Description

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.

References (3)

Core References
Third Party Advisory
VulnCheck Advisory: PraisonAI - Information Disclosure via Shared MultiAgentLedger State
https://www.vulncheck.com/advisories/praisonai-information-disclosure-via-shared-multiagentledger-state

Scores

CVSS v3 6.5
EPSS 0.0026
EPSS Percentile 16.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-668
Status published
Products (2)
PraisonAI/PraisonAI < 1.5.115
PraisonAI/PraisonAI 1.5.115
Published Jun 18, 2026
Tracked Since Jun 19, 2026