CVE-2026-40287 | MervinPraison PraisonAI/praisonaiagents up to 4.5.138 tools.py import_tools_from_file code injection (GHSA-g985-wjh9-qxxc)

A vulnerability was found in MervinPraison PraisonAI and praisonaiagents up to 4.5.138. It has been declared as critical. Impacted is the function import_tools_from_file of the file tools.py. Such manipulation leads to code injection.

This vulnerability is referenced as CVE-2026-40287. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More