Vulnerability Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The _sanitize_html function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml. When nh3 is absent (the default installation), the sanitizer is a no-op that returns HTML unchanged. An attacker who can influence agent input (via RAG data poisoning, web scraping results, or prompt injection) can inject arbitrary JavaScript that executes in the browser of anyone viewing the API output. This vulnerability is fixed in 4.5.128.
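The fail-open pattern the description refers to, beside a fail-closed replacement and a startup self-check, as an added example; this is not PraisonAI's code, and the function bodies are assumptions modelled on the advisory text rather than on src/praisonai/api.py.

```python
"""Added example: the fail-open sanitizer pattern the advisory describes,
beside a fail-closed replacement. Not PraisonAI's own code; the function
bodies are assumptions modelled on the advisory text, not src/praisonai/api.py."""
import html
from typing import Callable, Optional

try:
    import nh3  # optional HTML sanitizer; absent in a default install
    _DEFAULT_CLEANER: Optional[Callable[[str], str]] = nh3.clean
except ImportError:
    _DEFAULT_CLEANER = None


def sanitize_fail_open(raw: str, cleaner=_DEFAULT_CLEANER) -> str:
    """Pattern described in the advisory: when the cleaner is missing, return
    the agent output unchanged, so untrusted markup reaches the browser."""
    if cleaner is None:
        return raw  # no-op fallback: this is the vulnerability
    return cleaner(raw)


def sanitize_fail_closed(raw: str, cleaner=_DEFAULT_CLEANER) -> str:
    """Hardened variant: without a real sanitizer, escape every character that
    could open a tag or attribute, so the output renders as literal text."""
    if cleaner is None:
        return html.escape(raw, quote=True)
    return cleaner(raw)


def is_sanitizer_effective(sanitize: Callable[[str], str]) -> bool:
    """Deployment self-check: run a constructed probe through the sanitizer and
    confirm no active markup survives. Call it at startup to refuse to serve
    HTML (or to raise an alert) when the sanitizer is silently a no-op."""
    probe = "<script>probe</script>"  # constructed probe string
    out = sanitize(probe).lower()
    return "<script" not in out and "</script" not in out


if __name__ == "__main__":
    agent_output = "Result: <script>probe</script> done"  # constructed agent output
    print("fail-open  :", sanitize_fail_open(agent_output, cleaner=None))
    print("fail-closed:", sanitize_fail_closed(agent_output, cleaner=None))
    print("effective? :", is_sanitizer_effective(lambda s: sanitize_fail_open(s, cleaner=None)))
```

Passing `cleaner=None` reproduces the default-install condition even on a machine where nh3 happens to be present.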
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Praison | Praisonai | < 4.5.128 |
References
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfg2-mxfj-j6 (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-40112?
CVE-2026-40112 is a vulnerability with a CVSS score of 5.4 (MEDIUM) in PraisonAI, a multi-agent teams system: prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. See the Vulnerability Description above for the full details.
How severe is CVE-2026-40112?
CVE-2026-40112 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40112?
Check the references section above for vendor advisories and patch information. Affected products include: Praison Praisonai.