CVE-2026-40315
SQL Identifier Injection in PraisonAI SQLiteConversationStore Enables Data Manipulation
Publication date: 2026-04-14
Last updated on: 2026-04-20
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| praison | praisonai | to 4.5.133 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40315 is an SQL identifier injection vulnerability in the PraisonAI system prior to version 4.5.133. The issue arises because the configuration value 'table_prefix' is concatenated directly into SQL queries without any validation or sanitization. Because bound parameters protect values only and cannot be used for identifiers such as table names, an attacker who can control the 'table_prefix' value can inject arbitrary SQL fragments that alter the structure of the queries.
This vulnerability allows an attacker to manipulate SQL queries to access unauthorized data, such as internal SQLite tables like 'sqlite_master', and to tamper with query results using techniques like UNION-based injection. The vulnerability originates from untrusted configuration input that propagates through the system and is used unsafely in SQL query construction.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of internal database schema information and manipulation of query results. An attacker exploiting this flaw can read sensitive internal SQLite tables and alter the data returned by queries, potentially gaining access to data they should not see or corrupting the data returned by the system.
Successful exploitation requires the attacker to influence configuration input, but once exploited, it can compromise the integrity and confidentiality of the data managed by PraisonAI.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking whether the PraisonAI system is using a vulnerable version prior to 4.5.133 and whether the configuration input allows untrusted control over the table_prefix parameter.
One practical approach is to inspect the configuration files or inputs (such as YAML or dictionary configurations) for suspicious or unexpected values in the table_prefix field that contain SQL fragments or special characters outside of alphanumeric and underscore characters.
Since the vulnerability is related to SQL identifier injection via the table_prefix, you can also monitor or log SQL queries constructed by the application to detect unusual query structures or UNION-based injections.
Suggested commands include:
- Search configuration files for table_prefix values containing characters outside alphanumerics and underscore (the second grep must test the value, not the whole line, or every match is passed through): grep -rE 'table_prefix' /path/to/configs | grep -Ev "table_prefix[[:space:]]*[:=][[:space:]]*['\"]?[A-Za-z0-9_]*['\"]?[[:space:]]*$"
- Check the version of PraisonAI installed: python -m pip show praisonai (and verify it is >= 4.5.133)
- Enable and review application logs for SQL query anomalies or errors indicating malformed queries.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade PraisonAI to version 4.5.133 or later, where the vulnerability has been fixed by enforcing strict validation on the table_prefix parameter.
If immediate upgrade is not possible, ensure that the table_prefix configuration value is strictly validated to contain only alphanumeric characters and underscores, rejecting any input with other characters.
Additionally, restrict or sanitize any external configuration inputs that influence the table_prefix parameter to prevent attacker-controlled injection.
Implement monitoring for unusual SQL query patterns and consider adding authentication tokens to the server configuration to enhance security, as the fix also includes generating temporary auth tokens if none are provided.
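The following Python is an added illustration, not code from PraisonAI or from the advisory, covering both the detection advice above (scanning configuration for table_prefix values outside the alphanumeric-and-underscore set) and the mitigation (validating the prefix before it reaches an SQL identifier). `validate_table_prefix`, `table_name_safe`, `SafeConversationStore` and `scan_config_lines` are hypothetical names; the `key: value` configuration lines and the 64-character length cap are constructed assumptions, and `table_name_unsafe` shows only the concatenation pattern the advisory describes, for contrast with the hardened version.

```python
import re
import sqlite3

# Policy from the advisory: a table_prefix may contain only letters, digits and
# underscore. The 64-character cap is an added assumption, not from the advisory.
_PREFIX_RE = re.compile(r"^[A-Za-z0-9_]{0,64}$")


def is_valid_table_prefix(prefix) -> bool:
    """True if prefix is a str made only of [A-Za-z0-9_] (empty allowed)."""
    return isinstance(prefix, str) and _PREFIX_RE.fullmatch(prefix) is not None


def validate_table_prefix(prefix: str) -> str:
    """Allow-list check; rejects anything that could alter SQL structure."""
    if not is_valid_table_prefix(prefix):
        raise ValueError(f"table_prefix rejected by identifier policy: {prefix!r}")
    return prefix


def table_name_unsafe(prefix: str) -> str:
    """The vulnerable pattern: the prefix is concatenated into the identifier unchecked."""
    return prefix + "conversations"


def table_name_safe(prefix: str) -> str:
    """Hardened: validate first, then quote the identifier. The allow-list contains
    no quote characters, so the quoting cannot be broken out of."""
    return '"' + validate_table_prefix(prefix) + 'conversations"'


class SafeConversationStore:
    """Hypothetical minimal store (not PraisonAI's class) built on the safe identifier."""

    def __init__(self, conn: sqlite3.Connection, table_prefix: str = ""):
        self.conn = conn
        self.table = table_name_safe(table_prefix)  # raises before any SQL runs
        self.conn.execute(
            f"CREATE TABLE IF NOT EXISTS {self.table} "
            "(id INTEGER PRIMARY KEY, role TEXT NOT NULL, content TEXT NOT NULL)"
        )

    def add(self, role: str, content: str) -> None:
        # Row values are bound parameters; only the identifier needed the allow-list.
        self.conn.execute(
            f"INSERT INTO {self.table} (role, content) VALUES (?, ?)", (role, content)
        )

    def messages(self):
        rows = self.conn.execute(f"SELECT role, content FROM {self.table} ORDER BY id")
        return [tuple(r) for r in rows]


def roundtrip(table_prefix: str, messages):
    """Create an in-memory store under table_prefix, insert messages, return them."""
    store = SafeConversationStore(sqlite3.connect(":memory:"), table_prefix)
    for role, content in messages:
        store.add(role, content)
    return store.messages()


# Detection side: flag key/value lines whose table_prefix fails the same policy.
_CONFIG_LINE_RE = re.compile(r"""table_prefix\s*[:=]\s*['"]?(.*?)['"]?\s*$""")


def scan_config_lines(lines):
    """Return (line_number, value) for every table_prefix line failing the policy.
    Expects simple 'key: value' or 'key = value' lines without trailing comments."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = _CONFIG_LINE_RE.search(line)
        if m and not is_valid_table_prefix(m.group(1)):
            findings.append((n, m.group(1)))
    return findings


# Constructed sample configuration (not taken from any real deployment).
SAMPLE_CONFIG_LINES = [
    "store: sqlite",
    'table_prefix: "agent_"',
    "db_path: ./conversations.db",
    "table_prefix: conv-store",
    "table_prefix: 'a\"b'",
]


if __name__ == "__main__":
    print(roundtrip("agent_", [("user", "hello")]))
    print(scan_config_lines(SAMPLE_CONFIG_LINES))
    print(table_name_unsafe("conv-store"))  # unchecked: the bad prefix passes through
    try:
        table_name_safe("conv-store")
    except ValueError as e:
        print("rejected:", e)
```

The scanner reuses the exact predicate the store enforces, so a value that would be rejected at startup is the same value that is flagged in a configuration review; keeping a single allow-list avoids the usual drift between what is monitored and what is accepted.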
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker to inject arbitrary SQL fragments through the table_prefix configuration, leading to unauthorized data access and manipulation of query results.
Such unauthorized access and potential disclosure of internal database schema and data could lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to sensitive and personal data.
By enabling attackers to read internal SQLite tables and tamper with query results, the vulnerability undermines data confidentiality and integrity, key principles enforced by these standards.