CVE-2026-39890
Published 2026-04-08
Priority: P264 · Severity: critical · CVSS 3.1 base score: 9.8 · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.58% (43.3rd percentile)
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server. This vulnerability is fixed in 4.5.115.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mervinpraison | praisonai | < 4.5.115 | 4.5.115 |
| mervinpraison | praisonai | >= 0 < 4.5.115 | 4.5.115 |
| praison | praisonai | <= 4.5.114 | — |
Detection & IOCs (extracted from sources)
- Detect unsafe YAML parsing via `js-yaml` with dangerous tags such as `!!js/function` or `!!js/undefined` in agent definition files uploaded to PraisonAI API endpoints.
- Monitor API endpoints accepting agent definition file uploads for YAML payloads containing `!!js/function` or `!!js/undefined` tags, which indicate exploitation attempts.
- Vulnerability exists in PraisonAI versions prior to 4.5.115; the fix is available in version 4.5.115. Upgrade to remediate unsafe YAML deserialization in `AgentService.loadAgentFromFile`.
GHSA
PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
ghsa · 2026-04-08 · CVE-2026-39890 [CRITICAL] · CWE-502
## Summary
The `AgentService.loadAgentFromFile` method uses the `js-yaml` library to parse YAML files without disabling dangerous tags (such as `!!js/function` and `!!js/undefined`). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server.
## Details
The vulnerability exists in the YAML deserialization process. The `js-yaml` library's `load` function is used without specifying a safe schema (e.g., `JSON_SCHEMA` or `DEFAULT_SAFE_SCHEMA`). This enables the parsing of JavaScript
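As an added example (not PraisonAI project code and not js-yaml's API), the detection the IoC list above describes: a pre-parse gate that scans an uploaded agent definition for explicit tags outside the core YAML types, rejects the upload and logs what it found. The proper fix remains parsing with a safe schema as the advisory states; the function names and sample payloads here are constructed.

```javascript
// Added example, not PraisonAI or js-yaml code. A pre-parse gate for uploaded
// agent definition YAML: it flags every explicit tag outside the core YAML
// types before the text reaches the parser. The real fix is parsing with a safe
// schema (js-yaml JSON_SCHEMA / DEFAULT_SAFE_SCHEMA); this gate adds a detection
// and logging layer in front of it. Function names are hypothetical.

// Tags the core/JSON schema resolves to plain data; anything else is a finding.
const ALLOWED_TAGS = new Set(['str', 'int', 'float', 'bool', 'null', 'seq', 'map']);

// Shorthand "!!js/function" and verbose "!<tag:yaml.org,2002:js/function>" forms.
// Quoted scalars and comments are not parsed, so a tag written inside them is
// also flagged: the gate errs on the side of a false positive, never a miss.
const TAG_RE = /!!([A-Za-z0-9_./-]+)|!<tag:yaml\.org,2002:([^>\s]+)>/g;

// Returns one { line, tag } finding per explicit tag outside ALLOWED_TAGS.
function findDangerousTags(yamlText) {
  const findings = [];
  yamlText.split(/\r?\n/).forEach((line, i) => {
    for (const m of line.matchAll(TAG_RE)) {
      const tag = m[1] || m[2];
      if (!ALLOWED_TAGS.has(tag)) findings.push({ line: i + 1, tag });
    }
  });
  return findings;
}

// Upload gate: true only when no suspicious tag was found.
function isSafeAgentDefinition(yamlText) {
  return findDangerousTags(yamlText).length === 0;
}

// Constructed sample payloads (not taken from the advisory).
const BENIGN_AGENT = [
  'name: researcher',
  'role: !!str "Research assistant"',
  'tools: [search, summarize]',
  'max_steps: !!int 5',
].join('\n');

const HOSTILE_AGENT = [
  'name: researcher',
  'role: !!js/function "function () { return 1; }"',
  'note: !!js/undefined',
  'other: !<tag:yaml.org,2002:js/function> "function () {}"',
].join('\n');

// Example run: log findings the way an upload handler would before rejecting.
for (const f of findDangerousTags(HOSTILE_AGENT)) {
  console.log(`rejected upload: tag ${f.tag} on line ${f.line}`);
}
```

The gate flags any non-core tag, so `!!js/regexp` or non-JavaScript tag families are caught too, not only the two tags named in the advisory.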
OSV
PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
osv · 2026-04-08 · CVE-2026-39890 [CRITICAL]
No detection rules found.
No public exploits indexed.