Vulnerabilities in MervinPraison

54 results

CVE-2026-40153 | HIGH | EPSS 0.3% | PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
CVE-2026-40150 | HIGH | EPSS 0.3% | PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
CVE-2026-40287 | HIGH | EPSS 0.2% | PraisonAI has RCE via Automatic tools.py Import
CVE-2026-44334 | HIGH | EPSS 0.2% | PraisonAI: Unauthenticated RCE via `tool_override.py`
CVE-2026-40148 | MEDIUM | EPSS 0.2% | PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
CVE-2026-40158 | HIGH | EPSS 0.2% | PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai
CVE-2026-40117 | MEDIUM | EPSS 0.2% | PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate
CVE-2026-40113 | HIGH | EPSS 0.2% | PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
CVE-2026-40111 | CRITICAL | EPSS 0.2% | PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
CVE-2026-40149 | HIGH | EPSS 0.2% | PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls
CVE-2026-40112 | MEDIUM | EPSS 0.2% | PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)
CVE-2026-44337 | MEDIUM | EPSS 0.2% | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
CVE-2026-40156 | HIGH | EPSS 0.2% | PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
CVE-2026-40159 | MEDIUM | EPSS 0.2% | PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution