CVE-2026-40117: PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbi
Summary
PraisonAIAgents (a system that coordinates multiple AI agents working together) versions before 1.5.128 contain a vulnerability in the read_skill_file() function that allows reading any file from a computer's filesystem without restrictions. An attacker using prompt injection (tricking an AI by hiding instructions in its input) could exploit this to steal sensitive files, because unlike other file-reading functions in the same system, read_skill_file() lacks both boundary protections and approval requirements.
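A sketch of the two controls the summary says read_skill_file() lacks, a directory boundary and an approval step. This is an added example, not PraisonAIAgents code or its 1.5.128 fix; the function names, the skill-directory layout and the approve callback are assumptions.

```python
import os
import tempfile
from pathlib import Path

class SkillFileDenied(Exception):
    """Read refused: outside the skill directory, or not approved."""

def read_skill_file_guarded(skill_root, requested, approve=lambda p: False):
    """Hypothetical guarded reader; `approve` is a deny-by-default policy hook."""
    root = Path(skill_root).resolve(strict=True)
    # Join then resolve: collapses "..", follows symlinks; an absolute
    # `requested` replaces root in the join, so the check below catches it.
    target = (root / requested).resolve(strict=True)
    if not target.is_relative_to(root):
        raise SkillFileDenied(f"outside skill directory: {requested!r}")
    if not target.is_file():
        raise SkillFileDenied(f"not a regular file: {requested!r}")
    if not approve(target):
        raise SkillFileDenied(f"read not approved: {requested!r}")
    return target.read_text(encoding="utf-8")

def attempt(root, requested, **kwargs):
    """Return 'allowed' or 'denied' for one request."""
    try:
        read_skill_file_guarded(root, requested, **kwargs)
        return "allowed"
    except SkillFileDenied:
        return "denied"

def demo():
    """Constructed requests against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        skills = Path(tmp) / "skills"
        skills.mkdir()
        (skills / "SKILL.md").write_text("constructed skill text", encoding="utf-8")
        secret = Path(tmp) / "secret.env"
        secret.write_text("API_KEY=constructed", encoding="utf-8")
        os.symlink(secret, skills / "link.md")  # symlink that escapes the root
        yes = lambda p: True
        return {
            "in_bounds": attempt(skills, "SKILL.md", approve=yes),
            "dotdot": attempt(skills, "../secret.env", approve=yes),
            "absolute": attempt(skills, str(secret), approve=yes),
            "symlink": attempt(skills, "link.md", approve=yes),
            "unapproved": attempt(skills, "SKILL.md"),  # default approver denies
        }

if __name__ == "__main__":
    print(demo())
```

The containment check runs on the resolved path, so it holds for relative, absolute and symlinked requests alike; a missing file surfaces as FileNotFoundError from resolve(strict=True).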
Solution / Mitigation
Update PraisonAIAgents to version 1.5.128 or later, where this vulnerability is fixed.
Vulnerability Details
CVSS score: 6.2 (medium)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: local
Attack complexity: low
Privileges required: none
User interaction: none
April 9, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-40117
First tracked: April 9, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 95%