CVE-2026-34934
Published: 2026-04-03
Priority: P355 · critical 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% (40.9th percentile)
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mervinpraison | praisonai | < 4.5.90 | 4.5.90 |
| mervinpraison | praisonai | >= 0 < 4.5.90 | 4.5.90 |
| praison | praisonai | < 4.5.90 | 4.5.90 |
GHSA
ghsa · 2026-04-01 · CVE-2026-34934 [CRITICAL] CWE-89
PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
## Summary
The `get_all_user_threads` function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via `update_thread`. When the application loads the thread list, the injected payload executes and grants full database access.
---
## Details
**File Path:**
`src/praisonai/praisonai/ui/sql_alchemy.py`
**Flow:**
- **Source (Line 539):**
```python
await data_layer.update_thread(thread_id=payload, user_id=user)
```
- **Hop (Line 547):**
```python
thread_ids = "('" + "','".join([t["thread_id"] for t in user_threads]) + "')"
```
- **Sink (Line 576):**
```sql
WHERE s."threadId" IN {thread_ids}
```
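The three lines above show the whole defect: an identifier that was attacker-controlled at write time is read back as trusted data and spliced into query text. The following is an added example, not code from PraisonAI or from the advisory; it rebuilds the same Hop and Sink pattern against a constructed in-memory SQLite schema (tables `threads` and `steps` and the user names are assumptions) so the second-order behaviour can be observed, and places the standard remedy next to it: a parameter list whose only interpolated part is the placeholder count, plus a write-side check that a thread ID is actually a UUID. The remedy shown is the usual hardening for this class of bug, not a claim about how the 4.5.90 patch is implemented.

```python
import sqlite3
import uuid

# Constructed sample value (not taken from the advisory): a stored thread ID
# that closes the quoted IN list and appends a tautology. Parentheses are
# balanced so the resulting statement still parses.
MALICIOUS_THREAD_ID = "x') OR ('1'='1"

ALICE_THREAD = "11111111-1111-4111-8111-111111111111"
BOB_THREAD = "22222222-2222-4222-8222-222222222222"


def make_db() -> sqlite3.Connection:
    """Build a minimal, constructed schema: threads owned by users, and
    per-thread steps that one user must never see for another."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE threads (thread_id TEXT PRIMARY KEY, user_id TEXT NOT NULL);
        CREATE TABLE steps (id INTEGER PRIMARY KEY, "threadId" TEXT NOT NULL,
                            output TEXT NOT NULL);
        """
    )
    conn.executemany(
        "INSERT INTO threads VALUES (?, ?)",
        [(ALICE_THREAD, "alice"), (BOB_THREAD, "bob"),
         # Source step: the payload lands in the database via a legitimate write
         (MALICIOUS_THREAD_ID, "mallory")],
    )
    conn.executemany(
        'INSERT INTO steps ("threadId", output) VALUES (?, ?)',
        [(ALICE_THREAD, "alice-private"), (BOB_THREAD, "bob-private")],
    )
    return conn


def user_thread_ids(conn: sqlite3.Connection, user_id: str) -> list[str]:
    rows = conn.execute("SELECT thread_id FROM threads WHERE user_id = ?", (user_id,))
    return [r[0] for r in rows]


def fetch_steps_unsafe(conn: sqlite3.Connection, user_id: str) -> list[str]:
    """Hop + Sink as in the advisory: IDs read back from the database are
    treated as trusted and glued into the statement as a quoted list."""
    ids = user_thread_ids(conn, user_id)
    if not ids:
        return []
    thread_ids = "('" + "','".join(ids) + "')"
    sql = f'SELECT s.output FROM steps s WHERE s."threadId" IN {thread_ids}'
    return [r[0] for r in conn.execute(sql)]


def fetch_steps_safe(conn: sqlite3.Connection, user_id: str) -> list[str]:
    """Hardened form: only the number of '?' placeholders is interpolated;
    every ID travels as a bound parameter, so a stored payload is matched as a
    literal string and can never change the statement's structure."""
    ids = user_thread_ids(conn, user_id)
    if not ids:
        return []
    placeholders = ",".join("?" * len(ids))
    sql = f'SELECT s.output FROM steps s WHERE s."threadId" IN ({placeholders})'
    return [r[0] for r in conn.execute(sql, ids)]


def is_valid_thread_id(value: object) -> bool:
    """Write-side check for the Source step: accept only canonical UUID text,
    so a payload is rejected before it is ever persisted (defence in depth;
    parameter binding remains the primary control)."""
    if not isinstance(value, str):
        return False
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


if __name__ == "__main__":
    db = make_db()
    print("unsafe, mallory:", fetch_steps_unsafe(db, "mallory"))  # other users' rows leak
    print("safe,   mallory:", fetch_steps_safe(db, "mallory"))    # nothing matches
    print("valid id?", is_valid_thread_id(ALICE_THREAD), is_valid_thread_id(MALICIOUS_THREAD_ID))
```

Running the block shows the asymmetry that makes second-order injection easy to miss in review: for the honest users both query builders return the same rows, and only a stored ID that was crafted earlier turns the unsafe builder into a cross-user read. The parameterized builder keeps an f-string, but the interpolated text is derived solely from `len(ids)`, which is the distinction a code reviewer should look for when auditing dynamic `IN (...)` clauses.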
---
## Proof of Concept (PoC)
OSV
osv · 2026-04-01 · CVE-2026-34934 [CRITICAL] PraisonAI Has Second-Order SQL Injection in `get_all_user_threads` (same advisory text as the GHSA entry)
No detection rules found.
No public exploits indexed.
Published: 2026-04-03