{"data":{"id":"4dccfad7-6500-41d0-9829-338ecf6c46f1","title":"GHSA-vg22-4gmj-prxw: PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution","summary":"PraisonAI's example A2A server (a type of agent-to-agent communication system) has a critical vulnerability where unauthenticated remote clients can execute arbitrary Python code. The vulnerability exists because the example exposes the server without authentication, binds it to all network interfaces (0.0.0.0), and registers a 'calculate' tool that uses Python's eval() function (which executes any code passed to it as a string). An attacker can send a specially crafted request that tricks the AI model into calling this unsafe tool, leading to RCE (remote code execution).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-vg22-4gmj-prxw","publishedAt":"2026-05-29T22:31:26.000Z","cveId":"CVE-2026-47391","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["PraisonAI@<= 4.6.39 (fixed: 4.6.40)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAI","Google Gemini"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-29T22:31:26.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}