CVE-2026-39890
Remote Code Execution via Unsafe YAML Parsing in PraisonAI AgentService
Publication date: 2026-04-08
Last updated on: 2026-04-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| praison | praisonai | to 4.5.114 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in PraisonAI versions prior to 4.5.115 in the AgentService.loadAgentFromFile method. It uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code on the server.
An attacker can exploit this by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an attacker to execute arbitrary JavaScript code remotely on the server hosting PraisonAI. This can lead to full compromise of the server, including unauthorized access, data theft, data manipulation, service disruption, or further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade PraisonAI to version 4.5.115 or later, where the issue with unsafe YAML parsing has been fixed.
Avoid uploading untrusted or unauthenticated agent definition files to the API endpoint until the update is applied.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows remote code execution on the server by exploiting the parsing of malicious YAML files. Such unauthorized code execution can lead to unauthorized access, data breaches, and potential manipulation or exposure of sensitive information.
Consequently, this can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.
Failure to address this vulnerability could result in violations of these regulations due to compromised confidentiality, integrity, and availability of data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for the upload and parsing of malicious YAML files containing dangerous tags such as !!js/function or !!js/undefined in the PraisonAI system, specifically targeting the AgentService.loadAgentFromFile method.
One way to detect exploitation attempts is to look for unusual files or API requests that include YAML payloads with these dangerous tags.
For example, you can search for files containing the !!js/function tag by running commands like:
- grep -r '!!js/function' /path/to/agent/files
- grep -r '!!js/undefined' /path/to/agent/files
Additionally, monitoring API logs for upload requests containing suspicious YAML content or unexpected commands can help detect attempts.
If you have access to the server, you can also check for artifacts of exploitation such as the presence of files created by malicious payloads, for example:
- ls -l /tmp/pwned
To prevent exploitation, ensure the PraisonAI version is updated to 4.5.115 or later, where the vulnerability is fixed by using safe YAML parsing schemas.