theinfosecnews

CVE-2026-40154

Published April 10, 2026 · Updated April 10, 2026

CVSS 9.3 (critical)

What This Means

CVE-2026-40154 is a critical vulnerability in PraisonAI versions prior to 4.5.128: the software treats template files fetched from remote locations as trusted executable code, with no integrity verification, no origin validation, and no user confirmation before they run. Because the fetched file is executed as code, anyone who can control or substitute the template the software downloads gets code execution on the host that loads it, which is the supply chain attack the advisory describes. Users must upgrade to version 4.5.128 or later; until then, loading templates from remote sources should be avoided.

Official Description

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.
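The following is an added illustration of the vulnerability class described in the two paragraphs above; it is not PraisonAI's code and makes no claim about how PraisonAI's template loader is written. The "remote" templates, URLs, host allowlist and hash pin store are all constructed for the example so it runs offline. The unsafe loader does exactly what the advisory describes (fetch, then execute); the checked loader adds the three missing controls in the order a practitioner would want them: origin validation before any fetch, SHA-256 integrity verification against a previously recorded pin, and an explicit confirmation callback before execution.

```python
# Added example (not PraisonAI code): a hypothetical remote-template loader in the
# vulnerable form the advisory describes, beside a hardened form that enforces
# origin validation, integrity verification and user confirmation.
import hashlib
import hmac
from typing import Callable, Dict
from urllib.parse import urlparse

# Constructed stand-in for the network (URL -> template bytes) so the example runs
# offline; a real loader would perform an HTTPS request here.
TRUSTED_URL = "https://templates.example.org/agents/research.py"
HOSTILE_URL = "https://evil.example.net/agents/research.py"
GOOD_TEMPLATE = b"RESULT = 'research agent configured'\n"
FAKE_REMOTE: Dict[str, bytes] = {
    TRUSTED_URL: GOOD_TEMPLATE,
    HOSTILE_URL: b"RESULT = 'attacker code ran'\n",
}


def fetch(url: str) -> bytes:
    """Simulated fetch: returns whatever the 'server' holds for that URL."""
    return FAKE_REMOTE[url]


def fetch_tampered(url: str) -> bytes:
    """Simulated fetch from the trusted host after its content was swapped
    (for example a compromised mirror or an edited file in the upstream repo)."""
    return b"RESULT = 'modified template executed'\n"


def run_template(code: bytes, name: str):
    """Execute template code in a fresh namespace and return its RESULT value."""
    namespace: dict = {}
    exec(compile(code, name, "exec"), namespace)
    return namespace.get("RESULT")


# --- Vulnerable pattern: fetch, then execute, with no checks at all ----------
def load_template_unsafe(url: str, fetcher: Callable[[str], bytes] = fetch):
    return run_template(fetcher(url), url)


# --- Hardened pattern ------------------------------------------------------------
ALLOWED_HOSTS = {"templates.example.org"}  # hypothetical origin allowlist
# Hypothetical pin store: the SHA-256 an operator recorded after reviewing the template.
PINNED_SHA256 = {TRUSTED_URL: hashlib.sha256(GOOD_TEMPLATE).hexdigest()}


class TemplateRejected(Exception):
    """Raised when a remote template fails origin, integrity or confirmation checks."""


def load_template_checked(url: str, confirm: Callable[[str, str], bool],
                          fetcher: Callable[[str], bytes] = fetch):
    parsed = urlparse(url)
    # 1. Origin validation happens before any bytes are fetched.
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_HOSTS:
        raise TemplateRejected(f"origin not allowed: {parsed.scheme}://{parsed.hostname}")
    expected = PINNED_SHA256.get(url)
    if expected is None:
        raise TemplateRejected(f"no integrity pin recorded for {url}")
    code = fetcher(url)
    # 2. Integrity verification against the recorded pin (constant-time compare).
    actual = hashlib.sha256(code).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise TemplateRejected(f"integrity check failed for {url}")
    # 3. Explicit confirmation, given the URL and digest the user is approving.
    if not confirm(url, actual):
        raise TemplateRejected(f"user declined to execute {url}")
    return run_template(code, url)


def attempt(url: str, confirm: Callable[[str, str], bool] = lambda u, d: True,
            fetcher: Callable[[str], bytes] = fetch) -> str:
    """Convenience wrapper returning 'ok:<result>' or 'rejected:<reason>'."""
    try:
        return "ok:" + str(load_template_checked(url, confirm, fetcher))
    except TemplateRejected as exc:
        return "rejected:" + str(exc)


if __name__ == "__main__":
    print(load_template_unsafe(HOSTILE_URL))              # attacker code ran
    print(attempt(TRUSTED_URL))                           # ok:research agent configured
    print(attempt(HOSTILE_URL))                           # rejected: origin not allowed
    print(attempt(TRUSTED_URL, fetcher=fetch_tampered))   # rejected: integrity check failed
    print(attempt(TRUSTED_URL, confirm=lambda u, d: False))  # rejected: user declined
```

The order of the checks matters: the allowlist is consulted before the fetch so that an unknown host never gets a request, and the pin is looked up before the fetch so that an unpinned template is refused without downloading it. A pin store keyed by URL only protects against substitution of a known template; a template that is meant to change over time needs a signature from the publisher rather than a fixed hash.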

Recommended Actions

  1. Check whether any of your systems run PraisonAI older than 4.5.128.
  2. Upgrade affected installs to 4.5.128 or later. Until that is done, do not load templates from remote sources.
  3. Monitor vendor advisories for updates and additional mitigations.
  4. On affected installs, review which remote template sources were used and what those templates executed; this page lists no specific indicators of compromise for CVE-2026-40154.
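An added helper for step 1 (not from the advisory or from PraisonAI): it decides whether a version string falls in the affected range (anything below 4.5.128) and reports the installed package. The distribution name "praisonai" is an assumption about the PyPI package name. The point worth showing is that version strings must be compared numerically, because a plain string comparison puts "4.5.9" above "4.5.128" and would wrongly report an old install as fixed.

```python
# Added helper (not part of the advisory or of PraisonAI): affected-range check
# for CVE-2026-40154. The distribution name "praisonai" is an assumption.
from importlib import metadata

# Fixed version 4.5.128, padded with a 0 "release" marker so that pre-releases
# (marked -1 below) sort before the final release.
FIXED_VERSION = (4, 5, 128, 0)


def parse_version(text: str) -> tuple:
    """Turn 'major.minor.patch[suffix]' into a comparable numeric tuple.

    '4.5.128'    -> (4, 5, 128, 0)
    '4.5.128rc1' -> (4, 5, 128, -1)   # pre-release sorts below the release
    '4.5'        -> (4, 5, 0, 0)
    """
    nums = []
    prerelease = 0
    for piece in text.strip().split("."):
        digits = piece[:len(piece) - len(piece.lstrip("0123456789"))]
        if not digits:            # e.g. 'dev' component: treat as pre-release
            prerelease = -1
            break
        nums.append(int(digits))
        if digits != piece:       # numeric prefix followed by 'rc1', 'b2', ...
            prerelease = -1
            break
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3]) + (prerelease,)


def is_affected(version: str) -> bool:
    """True when the version is older than the fixed release 4.5.128."""
    return parse_version(version) < FIXED_VERSION


def installed_status(distribution: str = "praisonai") -> str:
    """Report the installed version of the distribution and whether it is affected."""
    try:
        installed = metadata.version(distribution)
    except metadata.PackageNotFoundError:
        return f"{distribution}: not installed"
    verdict = "AFFECTED, upgrade to 4.5.128 or later" if is_affected(installed) else "fixed"
    return f"{distribution} {installed}: {verdict}"


if __name__ == "__main__":
    print(installed_status())
```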