CVE-2026-41496 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: May 9, 2026
PraisonAI - SQL Injection
Published: May 8, 2026 | Updated: May 9, 2026 | PoC Available | Remote Exploitable
Overview
PraisonAI < 4.6.9 and praisonaiagents < 1.6.9 contain an SQL injection vulnerability caused by unvalidated input being passed directly into f-string SQL queries in multiple backends. This lets attackers execute arbitrary SQL commands. Exploitation requires crafted input.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, modification, or full database compromise.
Mitigation
Update to praisonai version 4.6.9 and praisonaiagents version 1.6.9 or later.
Details
- CVE ID: CVE-2026-41496
- Severity: High
- CVSS Score: 8.1
- Type: sql_injection
- Status: modified
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N