CVE-2026-56077
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk17th percentile — higher than 17% of all known CVEs
Summary
PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. The lack of agent ID uniqueness enforcement enables sharing ledger instances and exposing system prompts and conversation history between agents.
Risk Assessment
Organizations may be exposed to sensitive data disclosure, potentially leading to privacy breaches and information security issues. Attackers could exploit this vulnerability to manipulate data and interactions between agents.
Recommendation
It is recommended to upgrade to version 1.5.115 or later to mitigate this vulnerability. Additionally, implementing mechanisms to verify the uniqueness of agent IDs is advisable.
Original NVD description (English source)
PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.

