CVE-2026-40154 | MervinPraison PraisonAI up to 4.5.127 inclusion of functionality from untrusted control sphere (GHSA-pv9q-275h-rh7x)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability described as critical has been identified in MervinPraison PraisonAI up to 4.5.127. This affects an unknown function. The manipulation results in inclusion of functionality from untrusted control sphere.

This vulnerability is known as CVE-2026-40154. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-40154 | MervinPraison PraisonAI up to 4.5.127 inclusion of functionality from untrusted control sphere (GHSA-pv9q-275h-rh7x)

Post correlati

CVE-2025-48734 | Apache Commons BeanUtils up to 1.10.x/2.0.0-/1 org.apache.commons getProperty access control

CVE-2025-56795 | hay-kot Mealie up to 3.0.1 /api/recipes/ note/text cross site scripting (Issue 5677)

CVE-2026-3666 | tomdever wpForo Forum Plugin up to 2.4.16 on WordPress Path path traversal

CVE-2024-53586 | WebFileSys 2.31.0 relPath path traversal