CVE-2026-44337
Analyzed Analyzed - Analysis Complete
SQL Injection in PraisonAI Knowledge-Store Backend

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44337
EUVD
EUVD-2026-28640
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
praison praisonai From 2.4.1 (inc) to 4.6.34 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The primary mitigation step is to upgrade PraisonAI to version 4.6.34 or later, where the vulnerability has been patched.

If immediate upgrade is not possible, ensure that applications do not pass untrusted or user-controlled collection names to the knowledge-store backends to prevent injection.

  • Validate and sanitize all collection name inputs before they reach the SQL/CQL query construction layer.
  • Implement strict input validation and use parameterized queries or prepared statements where possible.
  • Monitor database and application logs for suspicious activity and respond promptly to any detected injection attempts.
Executive Summary

CVE-2026-44337 is a security vulnerability in PraisonAI's knowledge-store backends where unvalidated collection names are directly used to build SQL and CQL queries. This improper input validation allows attackers to inject malicious SQL or CQL commands, potentially manipulating the database.

The affected versions range from 2.4.1 to before 4.6.34, and the issue has been patched in version 4.6.34.

The vulnerability specifically impacts the `KnowledgeStore` interface implementations for PostgreSQL (pgvector), Cassandra, and SingleStore, where table and index identifiers are constructed from untrusted collection names without proper sanitization.

Impact Analysis

This vulnerability can lead to SQL or CQL injection attacks, which may result in malformed queries, unauthorized access to data, and unintended execution of commands on the database.

Such impacts can compromise the confidentiality, integrity, and availability of the affected system's data.

The CVSS score of 6.3 indicates a moderate severity, reflecting these potential impacts.

Detection Guidance

Detection of this vulnerability involves identifying whether your PraisonAI deployment uses vulnerable versions (2.4.1 to before 4.6.34) with knowledge-store backends that accept untrusted collection names. Since the issue is related to SQL/CQL injection via unvalidated inputs, monitoring for unusual or malformed SQL/CQL queries targeting the knowledge-store backends can help detect exploitation attempts.

You can check the version of PraisonAI installed by running commands to query the application version or inspecting deployment metadata.

  • Check PraisonAI version: Use application-specific commands or check version files/configuration to confirm if the version is between 2.4.1 and 4.6.33.
  • Monitor database logs (PostgreSQL, Cassandra, SingleStore) for suspicious queries containing unexpected or malformed table/index names that could indicate injection attempts.
  • Use network monitoring tools to capture and analyze traffic to the database backends for anomalous query patterns.

Specific commands depend on your environment, but examples include:

  • For PostgreSQL logs: `grep -i 'select' /var/log/postgresql/postgresql.log | grep -E "[;'"]"` to find queries with suspicious characters.
  • For Cassandra logs: `grep -i 'query' /var/log/cassandra/system.log | grep -E "[;'"]"`.
  • Check application logs for errors related to malformed SQL/CQL queries.
Compliance Impact

The vulnerability in PraisonAI allows SQL or CQL injection through unvalidated collection names, which can lead to unauthorized data access and unintended command execution.

Such unauthorized access and potential data breaches could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access and ensuring data integrity.

Therefore, if exploited, this vulnerability may cause organizations using affected versions of PraisonAI to fail in meeting these regulatory requirements.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44337. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart