CVE-2026-34939
Published: 03 April 2026
Summary
CVE-2026-34939 is a medium-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in PraisonAI (vendor: Praison). Its CVSS base score is 6.5 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Application Exhaustion Flood (T1499.003). Its exploit-likelihood ranking is at the 4.8th percentile (well below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation) addresses the root cause: caller-supplied strings reach Python regex compilation with no validation or sanitization, so nothing stops a pattern built to trigger catastrophic backtracking.
SC-5 (Denial-of-Service Protection) covers resource-exhaustion attacks such as ReDoS, limiting the effect of crafted regex inputs that pin Python threads.
SC-6 (Resource Availability) calls for allocation controls such as timeouts or CPU limits, which bound how long a single request can hold a thread through excessive regex backtracking.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables an attacker to supply a crafted regex string causing catastrophic backtracking and resource exhaustion in the Python re engine, directly facilitating T1499.003 Application Exhaustion Flood to achieve denial of service.
NVD Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
Deeper analysis
CVE-2026-34939 affects PraisonAI, a multi-agent teams system, specifically in the MCPToolIndex.search_tools() function prior to version 4.5.90. The vulnerability arises from compiling a caller-supplied string directly as a Python regular expression without validation, sanitization, or timeout mechanisms. This enables catastrophic backtracking in the Python re engine, which can block the Python thread for hundreds of seconds and result in a complete service outage. The issue is classified under CWE-1333 with a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
An attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low complexity and no user interaction required. By supplying a crafted regex string to the search_tools() function, the attacker triggers excessive backtracking, consuming CPU resources and halting the affected Python thread, leading to denial-of-service that impacts service availability across the system.
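The following is an added illustration of the vulnerable pattern and the SI-10 / SC-5 hardening described above; it is a constructed sketch, not PraisonAI's MCPToolIndex code. The tool names, the query length limit, the character allowlist and the function names are assumptions made for the example. The "before" function compiles the caller's string as a regex; the "after" function validates the query and matches it as a literal, so matching cost is linear in the input regardless of what the caller sends.

```python
import re
import time
from typing import Iterable, List

# Constructed sample tool index (illustrative only; not PraisonAI's real data).
TOOL_NAMES = ["read_file", "write_file", "search_web", "run_shell", "send_email"]

MAX_QUERY_LEN = 64  # assumed bound for a tool-name search
# Assumed allowlist for a tool-name search: letters, digits, '_', '-', '.', space.
# Every regex metacharacter is excluded, so nested quantifiers cannot be expressed.
QUERY_ALLOWED = re.compile(r"[A-Za-z0-9_.\- ]+")


def search_tools_vulnerable(tools: Iterable[str], query: str) -> List[str]:
    """Before: the caller's string is compiled as a regex with no validation,
    sanitization or timeout (the CWE-1333 pattern the advisory describes)."""
    pattern = re.compile(query, re.IGNORECASE)
    return [name for name in tools if pattern.search(name)]


def is_valid_query(query: str) -> bool:
    """SI-10 style input validation: bounded length, allowlisted characters only."""
    return 0 < len(query) <= MAX_QUERY_LEN and QUERY_ALLOWED.fullmatch(query) is not None


def search_tools_hardened(tools: Iterable[str], query: str) -> List[str]:
    """After: validate first, then match the query as a literal substring.
    re.escape() neutralises any metacharacter, so no backtracking blow-up is possible."""
    if not is_valid_query(query):
        raise ValueError(f"query must be 1-{MAX_QUERY_LEN} characters from the allowed set")
    pattern = re.compile(re.escape(query), re.IGNORECASE)
    return [name for name in tools if pattern.search(name)]


def backtracking_cost(n: int, pattern: str = r"(a+)+$") -> float:
    """Seconds the stdlib re engine spends failing to match `pattern` against
    n letters 'a' followed by a terminator that defeats the match. The cost
    roughly doubles with each extra 'a' (exponential backtracking)."""
    subject = "a" * n + "!"
    start = time.perf_counter()
    re.search(pattern, subject)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Metacharacters are honoured by the vulnerable version ...
    print(search_tools_vulnerable(TOOL_NAMES, "_(file|web)$"))
    # ... but the hardened version only does literal, case-insensitive matching.
    print(search_tools_hardened(TOOL_NAMES, "file"))
    # Growth of a classic catastrophic pattern; keep n small to stay responsive.
    for n in (8, 12, 16, 20):
        print(f"n={n:2d}: {backtracking_cost(n):.4f}s")
    try:
        search_tools_hardened(TOOL_NAMES, "(a+)+$")
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist and `re.escape()` together are the SI-10 control; they remove the attacker's ability to express a pathological pattern at all. The standard-library `re` module has no timeout, so if a caller genuinely needs regex search, the SC-6 control (a per-request time budget) has to come from outside: a worker process that can be killed, or a regex engine that supports timeouts.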
The vulnerability has been addressed in PraisonAI version 4.5.90. Security practitioners should upgrade to this version or later. Additional details are available in the GitHub Security Advisory at https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8w9j-hc3g-3g7f.
As a multi-agent teams system, PraisonAI has relevance to AI/ML workflows, where tool indexing functions like this may be invoked in agent coordination scenarios. No public reports of real-world exploitation are available as of the CVE publication on 2026-04-03.
Details
- CWE(s)