PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

Description

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass table_prefix straight into f-string SQL. Same root cause, same code pattern, same exploitation. 52 unvalidated injection points across the codebase. postgres.py additionally accepts an unvalidated schema parameter used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.

Affected Products

Vendor	Product	Versions
praison	praisonai	pip/praisonai: <= 4.5.148, pip/praisonaiagents: <= 1.6.7

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
pip	praisonaiagents	GHSA	85%
praison	praisonaiagents	cve_cpe	95%

References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-rg3h-x3jw-7jm5(x_refsource_CONFIRM)

Related News (1 articles)

Tier C

VulDB6d ago

CVE-2026-41496 | MervinPraison PraisonAI table_prefix sql injection (GHSA-rg3h-x3jw-7jm5)

→ No new info (linked only)

CVSS 3.18.1 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

praisonai@4.5.149praisonaiagents@1.6.8

CWECWE-89

PublishedApr 17, 2026

Last enriched5d agov2

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

Description

Affected Products

Also Affects

References

Related News (1 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History