CVE-2026-40313 | MervinPraison PraisonAI up to 4.5.139 GITHUB_TOKEN inclusion of functionality from untrusted control sphere (GHSA-3959-6v5q-45q2)
A vulnerability classified as critical has been found in MervinPraison PraisonAI up to 4.5.139. The affected function is unknown. Manipulating the argument GITHUB_TOKEN results in the inclusion of functionality from an untrusted control sphere.
This vulnerability is cataloged as CVE-2026-40313. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.