CVE-2026-41496

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

Assigner: GitHub_M
Reserved: 20.04.2026 Published: 08.05.2026 Updated: 08.05.2026

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass table_prefix straight into f-string SQL. Same root cause, same code pattern, same exploitation. 52 unvalidated injection points across the codebase. postgres.py additionally accepts an unvalidated schema parameter used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 8.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	MervinPraison
Product	PraisonAI
Versions	Version praisonaiagents < 1.6.9 is affected Version praisonai < 4.6.9 is affected

Vendor

MervinPraison

Product

PraisonAI

Versions

Version praisonaiagents < 1.6.9 is affected
Version praisonai < 4.6.9 is affected

References

Problem Types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE

CVE-2026-41496 PUBLISHED

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

Metrics

Product Status

References

Problem Types