{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T12:34:51.513","vulnerabilities":[{"cve":{"id":"CVE-2026-40156","sourceIdentifier":"security-advisories@github.com","published":"2026-04-10T17:17:13.297","lastModified":"2026-04-13T16:16:32.137","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_location and immediately executes module-level code via spec.loader.exec_module() without explicit user consent, validation, or sandboxing. The tools.py file is loaded implicitly, even when it is not referenced in configuration files or explicitly requested by the user. As a result, merely placing a file named tools.py in the working directory is sufficient to trigger code execution. This behavior violates the expected security boundary between user-controlled project files (e.g., YAML configurations) and executable code, as untrusted content in the working directory is treated as trusted and executed automatically. If an attacker can place a malicious tools.py file into a directory where a user or automated system (e.g., CI/CD pipeline) runs praisonai, arbitrary code execution occurs immediately upon startup, before any agent logic begins.  This vulnerability is fixed in 4.5.128."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-426"},{"lang":"en","value":"CWE-829"}]}],"references":[{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2g3w-cpc4-chr4","source":"security-advisories@github.com"},{"url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2g3w-cpc4-chr4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}