{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40148", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-09T19:31:56.012Z", "datePublished": "2026-04-09T21:22:20.446Z", "dateUpdated": "2026-04-13T20:39:49.494Z"}, "containers": {"cna": {"title": "PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits", "problemTypes": [{"descriptions": [{"cweId": "CWE-409", "lang": "en", "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f2h6-7xfr-xm8w", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f2h6-7xfr-xm8w"}], "affected": [{"vendor": "MervinPraison", "product": "PraisonAI", "versions": [{"version": "< 4.5.128", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T21:22:20.446Z"}, "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall(). An attacker can publish a malicious recipe bundle containing highly compressible data (e.g., 10GB of zeros compressing to ~10MB) that exhausts the victim's disk when pulled via LocalRegistry.pull() or HttpRegistry.pull(). This vulnerability is fixed in 4.5.128."}], "source": {"advisory": "GHSA-f2h6-7xfr-xm8w", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:39:35.278170Z", "id": "CVE-2026-40148", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:39:49.494Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40148", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T20:39:35.278170Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:39:46.103Z"}}], "cna": {"title": "PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits", "source": {"advisory": "GHSA-f2h6-7xfr-xm8w", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "MervinPraison", "product": "PraisonAI", "versions": [{"status": "affected", "version": "< 4.5.128"}]}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f2h6-7xfr-xm8w", "name": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f2h6-7xfr-xm8w", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall(). An attacker can publish a malicious recipe bundle containing highly compressible data (e.g., 10GB of zeros compressing to ~10MB) that exhausts the victim's disk when pulled via LocalRegistry.pull() or HttpRegistry.pull(). This vulnerability is fixed in 4.5.128."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-409", "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T21:22:20.446Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40148", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:39:49.494Z", "dateReserved": "2026-04-09T19:31:56.012Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-09T21:22:20.446Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*", "matchCriteriaId": "56CDE5F5-B03C-4C3A-9A92-F61C9DFDA9B1", "versionEndExcluding": "4.5.128", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall(). An attacker can publish a malicious recipe bundle containing highly compressible data (e.g., 10GB of zeros compressing to ~10MB) that exhausts the victim's disk when pulled via LocalRegistry.pull() or HttpRegistry.pull(). This vulnerability is fixed in 4.5.128."}], "id": "CVE-2026-40148", "lastModified": "2026-04-17T17:38:43.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-09T22:16:35.600", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f2h6-7xfr-xm8w"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-409"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.128)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PraisonAI", "source": "cna", "vendor": "MervinPraison"}, "product": "praisonai", "vendor": "mervinpraison"}], "analysis": {"en": {"generated_at": "2026-04-09T23:06:12.929327+00:00", "value": {"mitigation_remediation": ["Upgrade PraisonAI to version 4.5.128 or later.", "Restrict registry pulls to trusted sources and enforce size limits before extraction if an upgrade cannot be performed immediately.", "Consider disabling automatic pulling of recipe bundles until the vulnerability is patched."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "MervinPraison PraisonAI releases prior to version 4.5.128 are affected. All versions before this release contain the flaw; the defect is corrected in 4.5.128, which removes the size\u2011limit oversight.", "description_and_impact": "The vulnerability is located in PraisonAI's recipe registry extraction routine. The _safe_extractall function validates archive members against path traversal attacks but does not check individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can craft a recipe bundle containing highly compressible data that expands to tens of gigabytes during extraction, exhausting the victim\u2019s disk space when pulled via LocalRegistry.pull or HttpRegistry.pull, and thereby causing a denial of service for the application and the host.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity. No EPSS score is available and the issue is not listed in the CISA KEV catalog. Exploitation requires an authorized pull of a malicious recipe bundle from a registry that the user trusts, either local or via HTTP. The attack is straightforward: an attacker needs only to host or provide such a bundle and have it pulled; no authentication bypass or privilege escalation is required."}}}}, "created": "2026-04-10T08:38:10.347299+00:00", "updated": "2026-04-10T09:28:52.958316+00:00", "vendors": ["mervinpraison", "mervinpraison$PRODUCT$praisonai"]}