CVE-2026-40149 — PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/a…
Severity: High · Kind: Vulnerability
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool names (e.g., shell_exec, file_write) to the allowlist, an attacker can cause the ExecApprovalManager to auto-approve all future agent invocations of those tools, bypassing the human-in-the-loop safety mechanism that the approval system is specifically designed to enforce. This vulnerability is fixed in 4.5.128.
Vulnerability facts
- CVE
- CVE-2026-40149
- CVSS
- 7.9
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.