CVE-2026-56074
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
PraisonAI versions before 1.5.128 cache tool approval decisions based only on tool name, not invocation arguments, allowing subsequent execute_command calls to bypass approval prompts.
Risk Assessment
Attackers can exploit this vulnerability by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell commands without user consent.
Recommendation
It is recommended to upgrade to version 1.5.128 or later to mitigate this vulnerability and implement additional verification mechanisms for execute_command calls.
Original NVD description (English source)
PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell commands without user consent.

