CVE-2026-44337
Analyzed - Analysis Complete
SQL Injection in PraisonAI Knowledge-Store Backend

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products
1 associated CPE

Vendor: praison
Product: praisonai
Version / Range: from 2.4.1 (inclusive) to 4.6.34 (exclusive)
CWE
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command): The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-20 (Improper Input Validation): The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade PraisonAI to version 4.6.34 or later, where the issue is patched.

If you cannot upgrade immediately, make sure no untrusted or user-controlled value reaches the collection or name arguments of the SQL/CQL knowledge-store backends (PostgreSQL/pgvector, Cassandra, SingleStore); derive collection names from server-side configuration instead.

  • Validate collection names against a strict allowlist (for example letters, digits and underscores only, with a length limit) before they reach the query-construction layer, and reject anything else rather than trying to sanitize it.
  • Keep using parameterized queries or prepared statements for values, but note that bind parameters cannot carry table or index names: identifiers need the allowlist above or the driver's identifier-quoting helper (psycopg's sql.Identifier, for instance).
  • Monitor database and application logs for DDL that contains unexpected identifiers, stacked statements or comment markers, and respond promptly to any detected injection attempt.
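The following script is an added example illustrating the flaw described above and the mitigation pattern; it is not PraisonAI's code and the function names, table schema and the `MALICIOUS_COLLECTION` value are hypothetical. SQLite from the standard library stands in for PostgreSQL so it runs offline; the stacking mechanics are the same for any driver that accepts a multi-statement string.

```python
"""Identifier injection in a SQL-backed knowledge store: vulnerable vs hardened.

Added example for CVE-2026-44337; this is not PraisonAI's code.  Function and
table names are hypothetical.  SQLite (stdlib) stands in for PostgreSQL so the
script runs offline.
"""
import re
import sqlite3

# Constructed attacker-controlled collection name: closes the column list,
# appends a second statement, and comments out the rest of the template.
MALICIOUS_COLLECTION = "docs (id int); DROP TABLE secrets; --"

# Allowlist: SQL-identifier shape, max 63 chars (PostgreSQL NAMEDATALEN - 1).
_IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,62}$")


def build_create_table_vulnerable(collection: str, dim: int = 1536) -> str:
    """The flawed pattern: the collection name is formatted straight into DDL."""
    return (
        f"CREATE TABLE IF NOT EXISTS {collection} "
        f"(id TEXT PRIMARY KEY, embedding VECTOR({int(dim)}))"
    )


def validate_identifier(name: str) -> str:
    """Reject anything that is not a plain identifier; do not try to 'clean' it."""
    if not _IDENT_RE.fullmatch(name):
        raise ValueError(f"invalid collection name: {name!r}")
    return name


def quote_identifier(name: str) -> str:
    """SQL-standard identifier quoting: wrap in double quotes and double any
    inner double quote.  Second layer behind the allowlist; with psycopg you
    would use psycopg.sql.Identifier, which does the same thing."""
    return '"' + name.replace('"', '""') + '"'


def build_create_table_hardened(collection: str, dim: int = 1536) -> str:
    """Fix pattern: allowlist, then quote.  Bind parameters cannot be used for
    identifiers, so this is the route for table and index names."""
    table = quote_identifier(validate_identifier(collection))
    return (
        f"CREATE TABLE IF NOT EXISTS {table} "
        f"(id TEXT PRIMARY KEY, embedding VECTOR({int(dim)}))"
    )


def secrets_survive(ddl: str) -> bool:
    """Run the DDL in a fresh in-memory database that already holds a table
    named 'secrets' and report whether that table still exists afterwards.
    executescript accepts several statements per call, as psycopg's execute
    does for parameter-less queries, which is what makes stacking work."""
    con = sqlite3.connect(":memory:")
    try:
        con.execute("CREATE TABLE secrets (k TEXT)")
        con.executescript(ddl)
        (count,) = con.execute(
            "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'secrets'"
        ).fetchone()
    finally:
        con.close()
    return count == 1


if __name__ == "__main__":
    bad = build_create_table_vulnerable(MALICIOUS_COLLECTION)
    print("vulnerable DDL:", bad)
    print("secrets table survives:", secrets_survive(bad))   # False
    good = build_create_table_hardened("docs_v2")
    print("hardened DDL:", good)
    print("secrets table survives:", secrets_survive(good))  # True
    try:
        build_create_table_hardened(MALICIOUS_COLLECTION)
    except ValueError as exc:
        print("hardened builder rejected input:", exc)
```

Running the script shows the `secrets` table disappearing when the vulnerable builder is fed the crafted name, while the hardened builder refuses the same input before any SQL is assembled. The allowlist is the real control; the quoting step only guards against a future change that loosens the regex.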

Can you explain this vulnerability to me?

CVE-2026-44337 is a security vulnerability in PraisonAI's knowledge-store backends where unvalidated collection names are directly used to build SQL and CQL queries. This improper input validation allows attackers to inject malicious SQL or CQL commands, potentially manipulating the database.

The affected versions range from 2.4.1 to before 4.6.34, and the issue has been patched in version 4.6.34.

The vulnerability specifically impacts the `KnowledgeStore` interface implementations for PostgreSQL (pgvector), Cassandra, and SingleStore, where table and index identifiers are constructed from untrusted collection names without proper sanitization.


How can this vulnerability impact me?

This vulnerability can lead to SQL or CQL injection attacks, which may result in malformed queries, unauthorized access to data, and unintended execution of commands on the database.

Such impacts can compromise the confidentiality, integrity, and availability of the affected system's data.

The CVSS score of 6.3 places this in the Medium severity band, reflecting these potential impacts.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves identifying whether your PraisonAI deployment uses vulnerable versions (2.4.1 to before 4.6.34) with knowledge-store backends that accept untrusted collection names. Since the issue is related to SQL/CQL injection via unvalidated inputs, monitoring for unusual or malformed SQL/CQL queries targeting the knowledge-store backends can help detect exploitation attempts.

Check the installed version with `pip show praisonai` (or `python -m pip show praisonai`), or inspect your deployment's lock file or container image metadata.

  • Confirm whether the installed version is 2.4.1 or later but earlier than 4.6.34; anything in that range is affected.
  • Monitor database logs (PostgreSQL, Cassandra, SingleStore) for suspicious queries containing unexpected or malformed table/index names that could indicate injection attempts.
  • Use network monitoring tools to capture and analyze traffic to the database backends for anomalous query patterns.

Specific commands depend on your environment, but examples include:

  • For PostgreSQL (requires `log_statement = 'ddl'` or `'all'`; adjust the log path to your installation): `grep -iE 'statement: *(create|drop) (table|index)' /var/log/postgresql/postgresql.log | grep -E "[;'\"]|--"` to find DDL carrying stacked statements, quotes, or comment markers.
  • For Cassandra: `grep -i 'query' /var/log/cassandra/system.log | grep -E "[;'\"]"` only catches statements that reached system.log as errors; to see every CQL statement, enable full query logging (`nodetool enablefullquerylog`) or audit logging (Cassandra 4.0+) and grep that output instead.
  • Check application logs for errors related to malformed SQL/CQL queries.
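The detection steps above, as an added example that is not part of the page or of PraisonAI: a version-range check plus a scan of PostgreSQL-style statement logs for DDL that carries stacked statements, comment markers or string literals. It assumes the PyPI distribution is named `praisonai` and that statement logging is enabled; the log lines in `SAMPLE_LOG` are constructed.

```python
"""Detection helpers for CVE-2026-44337: installed-version check and a scan of
database statement logs for suspicious DDL.

Added example, not part of the advisory or of PraisonAI.  Assumes the PyPI
distribution is named 'praisonai' and that PostgreSQL logs statements
(log_statement = 'ddl' or 'all'); the log lines below are constructed.
"""
import re
from importlib import metadata

AFFECTED_FROM = (2, 4, 1)   # inclusive
FIXED_IN = (4, 6, 34)       # exclusive


def parse_version(text: str) -> tuple:
    """'4.6.34' -> (4, 6, 34); pre-release suffixes are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when version is within [2.4.1, 4.6.34)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def installed_version(dist: str = "praisonai"):
    """Version of the installed distribution, or None if it is not installed.
    The distribution name is an assumption."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


# Only DDL is examined: a quote, comment or second statement inside
# CREATE TABLE / CREATE INDEX is abnormal, whereas literals in SELECT/INSERT
# are routine and would only produce noise.
_DDL_RE = re.compile(r"^\s*(CREATE|DROP)\s+(TABLE|INDEX|KEYSPACE)\b", re.I)
_STATEMENT_RE = re.compile(r"statement:\s*(.*)$")
_STACKED_RE = re.compile(r";\s*\S")        # a ';' followed by more text
_COMMENT_RE = re.compile(r"--|/\*")
_LITERAL_RE = re.compile(r"'")


def is_suspicious_ddl(statement: str) -> bool:
    """Flag DDL whose text contains a stacked statement, comment or literal."""
    if not _DDL_RE.match(statement):
        return False
    return any(p.search(statement) for p in (_STACKED_RE, _COMMENT_RE, _LITERAL_RE))


def scan_log(lines) -> list:
    """Return the statement text of every suspicious DDL statement found in
    PostgreSQL-style log lines ('... LOG:  statement: <sql>')."""
    hits = []
    for line in lines:
        m = _STATEMENT_RE.search(line)
        if m and is_suspicious_ddl(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample: two benign DDL statements, one injected one, one SELECT.
SAMPLE_LOG = [
    "2026-05-09 10:12:01.123 UTC [4123] app@kb LOG:  statement: CREATE TABLE IF NOT EXISTS docs_v2 (id TEXT PRIMARY KEY, embedding VECTOR(1536))",
    "2026-05-09 10:12:02.456 UTC [4123] app@kb LOG:  statement: CREATE INDEX IF NOT EXISTS docs_v2_idx ON docs_v2 USING hnsw (embedding vector_cosine_ops)",
    "2026-05-09 10:12:05.789 UTC [4130] app@kb LOG:  statement: CREATE TABLE IF NOT EXISTS docs (id int); DROP TABLE secrets; -- (id TEXT PRIMARY KEY, embedding VECTOR(1536))",
    "2026-05-09 10:12:06.001 UTC [4130] app@kb LOG:  statement: SELECT id FROM docs_v2 WHERE id = 'abc'",
]

if __name__ == "__main__":
    v = installed_version()
    print("praisonai installed:", v, "affected:", v is not None and is_affected(v))
    for stmt in scan_log(SAMPLE_LOG):
        print("suspicious DDL:", stmt)
```

Against the sample, only the third line is reported. The same `is_suspicious_ddl` check can be applied to statement text from Cassandra full-query or audit logs once you extract the CQL string from that log's own format.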

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in PraisonAI allows SQL or CQL injection through unvalidated collection names, which can lead to unauthorized data access and unintended command execution.

Such unauthorized access and potential data breaches could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access and ensuring data integrity.

Therefore, if exploited, this vulnerability may cause organizations using affected versions of PraisonAI to fail in meeting these regulatory requirements.

