CVE-2026-56077

Publié : 18 juin 2026

Modifié : 18 juin 2026

Score CVSS

6.5

MEDIUM

Description détaillée

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Références et Patchs

https://github.com/MervinPraison/PraisonAI https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-766v-q9x3-g744 https://www.vulncheck.com/advisories/praisonai-information-disclosure-via-shared-multiagentledger-state

Dernières Vulnérabilités

CVE-2026-52866

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.

VOIR DÉTAILS

CVE-2026-50034

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values.

VOIR DÉTAILS

CVE-2026-40624

Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.

VOIR DÉTAILS