PraisonAI versions 4.5.138 and below allow malicious code to run on your computer

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.4

PraisonAI versions 4.5.138 and below allow malicious code to run on your computer

CVE-2026-40287

Summary

If you're using PraisonAI version 4.5.138 or earlier, an attacker could put a fake 'tools.py' file in the folder where you run PraisonAI and execute malicious code on your computer. This could compromise your PraisonAI process, your computer, and any connected data or credentials. Update to version 4.5.139 or later to fix this issue.

Original title

Original description

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (import_tools_from_file()), tool_resolver.py (_load_local_tools()), and CLI tool-loading paths blindly import ./tools.py at startup without any validation, sandboxing, or user confirmation. An attacker who can place a malicious tools.py in the directory where PraisonAI is launched (such as through a shared project, cloned repository, or writable workspace) achieves immediate arbitrary Python code execution in the host environment. This compromises the full PraisonAI process, the host system, and any connected data or credentials. This issue has been fixed in version 4.5.139.

nvd CVSS3.1 8.4

Vulnerability type

CWE-94 Code Injection

CWE-426

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-g985-wjh9-qx...

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026