Information Exposure Affecting praisonai package, versions [3.8.1,4.6.59)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-PRAISONAI-17660627
- published27 Jun 2026
- disclosed18 Jun 2026
- creditUnknown
Introduced: 18 Jun 2026
NewCVE-2026-56833 (opens in a new tab)How to fix?
Upgrade PraisonAI to version 4.6.59 or higher.
Overview
PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.
Affected versions of this package are vulnerable to Information Exposure via the history_tail, history_get, terminal_tail, and terminal_grep functions when user-supplied run_id and agent_id values are used to construct file paths without proper validation. An attacker can access sensitive files outside the intended storage directory by supplying crafted path traversal values.