CVE-2026-40154
Published: 09 April 2026
Summary
CVE-2026-40154 is a critical-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Praison Praisonai. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Supply Chain Compromise (T1195). The CVE ranks at the 10.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires verification of component authenticity prior to use or installation, directly addressing the lack of origin validation and integrity checks for remotely fetched templates.
Mandates integrity verification of software and information such as remote templates before execution, mitigating execution of unverified malicious code.
Enforces use of digitally signed components and prohibits those from untrusted sources, preventing trust of malicious remote templates as executable code.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables supply chain attacks via untrusted remote templates (T1195) and arbitrary code execution in PraisonAI (T1059).
NVD Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4.5.128.
Deeper analysis
CVE-2026-40154 affects PraisonAI, a multi-agent teams system, in versions prior to 4.5.128. The vulnerability arises because PraisonAI treats remotely fetched template files as trusted executable code without performing integrity verification, origin validation, or user confirmation. This flaw, classified under CWE-829 (Inclusion of Functionality from Untrusted Control Sphere), enables supply chain attacks through malicious templates and carries a CVSS v3.1 base score of 9.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N).
An attacker can exploit this vulnerability remotely over the network with low complexity and no required privileges, though it necessitates user interaction, such as a user fetching a malicious template. Successful exploitation allows the attacker to execute arbitrary code in the context of PraisonAI, achieving high impacts on confidentiality and integrity with a changed scope, potentially compromising the system's security and enabling broader supply chain compromise.
The GitHub security advisory (GHSA-pv9q-275h-rh7x) confirms that the vulnerability is fixed in PraisonAI version 4.5.128. Security practitioners should update to this version or later to mitigate the issue, ensuring that template fetching includes proper validation mechanisms.
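The three checks the description says were missing (origin validation, integrity verification, user confirmation) can be gated in front of any template loader. The sketch below is an added example, not PraisonAI's code or its 4.5.128 fix; every name in it (`load_remote_template`, `ALLOWED_HOSTS`, the example host and template) is hypothetical, and the fetcher and confirmation prompt are passed in so it runs offline.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical policy value, constructed for this example.
ALLOWED_HOSTS = {"templates.example.org"}

class TemplateRejected(Exception):
    """Raised when a remote template fails a trust check."""

def check_origin(url):
    """Origin validation: HTTPS only, no userinfo, host on the allowlist."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise TemplateRejected("non-HTTPS origin")
    if parts.username or parts.password or parts.hostname not in ALLOWED_HOSTS:
        raise TemplateRejected("origin not on allowlist")

def check_digest(body, pinned_sha256):
    """Integrity verification against a digest pinned out of band."""
    actual = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        raise TemplateRejected("digest mismatch")

def load_remote_template(url, pinned_sha256, fetch, confirm):
    """Return template bytes only after all three checks pass.

    fetch(url) -> bytes and confirm(url, digest) -> bool are supplied by
    the caller (assumption of this example).
    """
    check_origin(url)                   # before any network access
    body = fetch(url)
    check_digest(body, pinned_sha256)   # before the content is used
    if not confirm(url, pinned_sha256):
        raise TemplateRejected("user declined")
    return body

# Constructed sample data.
GOOD = b"name: demo\nsteps: []\n"
PIN = hashlib.sha256(GOOD).hexdigest()
URL = "https://templates.example.org/demo.yaml"

if __name__ == "__main__":
    print(load_remote_template(URL, PIN, lambda u: GOOD, lambda u, d: True))
```

A pinned digest only helps if it arrives through a channel other than the one serving the template, for example a lock file committed alongside the project.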
Details
- CWE(s)