{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34934", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-31T17:27:08.660Z", "datePublished": "2026-04-03T22:49:12.947Z", "dateUpdated": "2026-04-06T13:16:17.048Z"}, "containers": {"cna": {"title": "PraisonAI: Second-Order SQL Injection in `get_all_user_threads`", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g"}], "affected": [{"vendor": "MervinPraison", "product": "PraisonAI", "versions": [{"version": "< 4.5.90", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:49:12.947Z"}, "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90."}], "source": {"advisory": "GHSA-9cq8-3v94-434g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T13:16:07.406374Z", "id": "CVE-2026-34934", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T13:16:17.048Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34934", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T13:16:07.406374Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T13:16:13.162Z"}}], "cna": {"title": "PraisonAI: Second-Order SQL Injection in `get_all_user_threads`", "source": {"advisory": "GHSA-9cq8-3v94-434g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "MervinPraison", "product": "PraisonAI", "versions": [{"status": "affected", "version": "< 4.5.90"}]}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g", "name": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:49:12.947Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34934", "state": "PUBLISHED", "dateUpdated": "2026-04-06T13:16:17.048Z", "dateReserved": "2026-03-31T17:27:08.660Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T22:49:12.947Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*", "matchCriteriaId": "072B6350-7972-417B-8540-DAAFF3230EC7", "versionEndExcluding": "4.5.90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90."}], "id": "CVE-2026-34934", "lastModified": "2026-04-14T18:15:14.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-03T23:17:05.533", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9cq8-3v94-434g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.90)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PraisonAI", "source": "cna", "vendor": "MervinPraison"}, "product": "praisonai", "vendor": "mervinpraison"}], "analysis": {"en": {"generated_at": "2026-04-14T21:47:45.334059+00:00", "value": {"mitigation_remediation": ["Upgrade PraisonAI to version 4.5.90 or later.", "Restrict or disable the update_thread function for users who do not need to modify threads.", "Ensure all thread IDs are validated and sanitized before being used in SQL queries.", "Monitor database logs for anomalous query patterns that may indicate injection attempts.", "Verify that the injection no longer triggers after applying the patch."], "summary": {"action": "Immediate Patch", "impact": "Database Compromise"}, "threat_synthesis": {"affected_systems": "The affected product is PraisonAI, developed by MervinPraison. All releases prior to version 4.5.90 implement the vulnerable logic in get_all_user_threads. The issue is triggered through the update_thread operation and is fixed by the patch shipped with version 4.5.90, which sanitizes thread IDs before inclusion in SQL statements.", "description_and_impact": "The vulnerability is a second\u2011order SQL injection that occurs in PraisonAI's get_all_user_threads function. Inside the function raw SQL queries are built with f\u2011strings that embed thread IDs retrieved from the database without escaping. An attacker can store a malicious thread ID via the update_thread endpoint. When the application later fetches the thread list, the injected payload is executed, giving the attacker unrestricted access to the database. This flaw is classified as CWE\u201189 and can compromise data confidentiality and integrity.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this flaw as Critical, indicating that an attacker can fully compromise the database. The EPSS score is less than 1\u202f%, suggesting that exploit attempts are currently rare. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker needs the ability to send a request that stores a malicious thread ID via update_thread, but no additional privileges or pre\u2011existing session are required beyond normal API access. The likely attack vector is the API or web interface that accepts thread updates. The patch in version 4.5.90 removes the injection vector."}}}}, "created": "2026-04-06T21:21:57.262293+00:00", "updated": "2026-04-15T16:30:09.764845+00:00", "vendors": ["mervinpraison", "mervinpraison$PRODUCT$praisonai"]}