Cyber Resilience

CVE-2026-44339

HighPublic PoC

Published: 08 May 2026

Published
08 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS Score 0.0036 28.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-44339 is a high-severity Unsafe Reflection (CWE-470) vulnerability in Praison Praisonai. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool list and the registry. With the default…

more

agent configuration, _perm_allow is None, so undeclared non-dangerous tool names are not rejected by the permission gate. An attacker who can influence tool-call names can therefore invoke unintended application callables that were never declared as tools. This issue has been patched in praisonai version 4.6.37 and praisonaiagents version 1.6.37.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Vulnerability allows attacker-controlled tool names to resolve to and invoke arbitrary Python callables/globals, directly enabling Python code execution via T1059.006.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40287Same product: Praison Praisonai
CVE-2026-40288Same product: Praison Praisonai
CVE-2026-40289Same product: Praison Praisonai
CVE-2026-41496Same product: Praison Praisonai
CVE-2026-40158Same product: Praison Praisonai
CVE-2026-39891Same product: Praison Praisonai
CVE-2026-39888Same product: Praison Praisonai
CVE-2026-40156Same product: Praison Praisonai
CVE-2026-34938Same product: Praison Praisonaiagents
CVE-2026-44334Same product: Praison Praisonai

Affected Assets

praison
praisonai
≤ 4.6.37
praison
praisonaiagents
≤ 1.6.37

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-470

Externally controlled class or code selection can be resolved and invoked inside the chamber, surfacing unsafe reflection without system impact.

References