CVE-2026-41496: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in MervinPraison PraisonAI
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass table_prefix straight into f-string SQL. Same root cause, same code pattern, same exploitation. 52 unvalidated injection points across the codebase. postgres.py additionally accepts an unvalidated schema parameter used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.
AI Analysis
Technical Summary
PraisonAI versions before 4.6.9 and praisonaiagents before 1.6.9 contain multiple SQL injection vulnerabilities due to improper neutralization of special elements in SQL commands (CWE-89). While the fix for a related CVE (2026-40315) added input validation only to the SQLiteConversationStore, nine other database backends continue to pass unvalidated user input (table_prefix and schema parameters) directly into SQL f-strings, resulting in 52 injection points. This allows attackers with at least low privileges to inject malicious SQL commands, potentially leading to high confidentiality and integrity impacts. The vulnerability has been patched in the specified versions.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized disclosure and modification of data within the affected PraisonAI system, as indicated by the CVSS vector (Confidentiality and Integrity impacts are high, Availability impact is none). Attackers with low privileges and no user interaction required can exploit the injection points to execute arbitrary SQL commands. No known exploits are currently reported in the wild.
Mitigation Recommendations
This vulnerability has been patched in PraisonAI version 4.6.9 and praisonaiagents version 1.6.9. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly stated beyond the version fix; therefore, verify with the vendor advisory for the latest remediation guidance. No additional mitigation steps are indicated by the vendor advisory.
CVE-2026-41496: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in MervinPraison PraisonAI
Description
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass table_prefix straight into f-string SQL. Same root cause, same code pattern, same exploitation. 52 unvalidated injection points across the codebase. postgres.py additionally accepts an unvalidated schema parameter used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PraisonAI versions before 4.6.9 and praisonaiagents before 1.6.9 contain multiple SQL injection vulnerabilities due to improper neutralization of special elements in SQL commands (CWE-89). While the fix for a related CVE (2026-40315) added input validation only to the SQLiteConversationStore, nine other database backends continue to pass unvalidated user input (table_prefix and schema parameters) directly into SQL f-strings, resulting in 52 injection points. This allows attackers with at least low privileges to inject malicious SQL commands, potentially leading to high confidentiality and integrity impacts. The vulnerability has been patched in the specified versions.
Potential Impact
Successful exploitation of this vulnerability can lead to unauthorized disclosure and modification of data within the affected PraisonAI system, as indicated by the CVSS vector (Confidentiality and Integrity impacts are high, Availability impact is none). Attackers with low privileges and no user interaction required can exploit the injection points to execute arbitrary SQL commands. No known exploits are currently reported in the wild.
Mitigation Recommendations
This vulnerability has been patched in PraisonAI version 4.6.9 and praisonaiagents version 1.6.9. Users should upgrade to these or later versions to remediate the issue. Patch status is not explicitly stated beyond the version fix; therefore, verify with the vendor advisory for the latest remediation guidance. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-20T16:14:19.009Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fdede4cbff5d8610dd27a5
Added to database: 5/8/2026, 2:06:28 PM
Last enriched: 5/8/2026, 2:22:44 PM
Last updated: 5/9/2026, 3:48:43 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.