cvedb.io
CVE-2026-44337
MEDIUM · CVSS 6.3
EPSS exploitation probability: 0%
Published 2026-05-08T14:16:46.587 · Last modified 2026-06-17T10:50:31.487

Summary

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.

Affected products

praison — praisonai

Does this affect you?

Add your gear to cvedb and we'll alert you only when praison ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.