CVE-2026-40154 - Vulnerability Analysis
Critical | CVSS: 9.3 | Last Updated: April 9, 2026
PraisonAI - Template Injection
Published: April 9, 2026 | Updated: April 9, 2026 | Remote Exploitable
Overview
PraisonAI < 4.5.128 contains a template injection vulnerability caused by treating remotely fetched template files as trusted executable code without integrity verification or origin validation. This lets remote attackers execute malicious templates. Exploitation requires remote template fetching.
Severity & Score
Severity: Critical
CVSS Score: 9.3
Impact
Remote attackers can execute malicious templates, potentially leading to remote code execution and full system compromise.
Mitigation
Upgrade to version 4.5.128 or later.
Details
- CVE ID: CVE-2026-40154
- Severity: Critical
- CVSS Score: 9.3
- Type: template_injection
- Status: new
CWE
- CWE-829
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N