CVE-2026-40154 - Vulnerability Analysis
Critical | CVSS: 9.3 | Last Updated: April 9, 2026
PraisonAI - Template Injection
Overview
PraisonAI < 4.5.128 contains a template injection vulnerability: it treats remotely fetched template files as trusted executable code without integrity verification or origin validation, which lets remote attackers execute malicious templates. Exploitation requires remote template fetching.
Severity & Score
Impact
Remote attackers can execute malicious templates, potentially leading to remote code execution and full system compromise.
Mitigation
Upgrade to version 4.5.128 or later.
Social Media Activity (2 posts)
New security advisory: CVE-2026-40154 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-40154-praisonai-remote-code-execution #Cybersecurity #SecurityPatching #HackerNews

CVE-2026-40154 - Critical (9.3) PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through m... https://www.thehackerwire.com/vulnerability/CVE-2026-40154/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Related Resources
Details
- CVE ID: CVE-2026-40154
- Severity: Critical
- CVSS Score: 9.3
- Type: template_injection
- Status: new
- EPSS: 3.1%
- Social Posts: 2
CWE
- CWE-829
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N