GHSA-vg22-4gmj-prxw: PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
Summary
PraisonAI's example A2A server (a type of agent-to-agent communication system) has a critical vulnerability where unauthenticated remote clients can execute arbitrary Python code. The vulnerability exists because the example exposes the server without authentication, binds it to all network interfaces (0.0.0.0), and registers a 'calculate' tool that uses Python's eval() function (which executes any code passed to it as a string). An attacker can send a specially crafted request that tricks the AI model into calling this unsafe tool, leading to RCE (remote code execution).
Vulnerability Details
EPSS: 0.0%
Yes
May 29, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-vg22-4gmj-prxw
First tracked: May 29, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%