PraisonAI SQL Injection (CVE-2026-34934)

Patch now - CVE-2026-34934 is a critical unauthenticated remote SQL injection in PraisonAI multi-agent teams versions prior to 4.5.90 that grants attackers full read/write access to the application database, enabling theft of AI agent configurations, data destruction, and potential privilege escalation within the hosting environment. Upgrade to version 4.5.90 or later immediately to block exploitation.

Overview

A critical SQL injection vulnerability, CVE-2026-34934, exists in the PraisonAI multi-agent teams system. The flaw allows unauthenticated remote attackers to execute arbitrary SQL commands on the application’s database, potentially leading to a complete system compromise. Versions prior to 4.5.90 are affected.

Vulnerability Details

The vulnerability resides in the get_all_user_threads function. This function constructs raw SQL queries using Python f-strings, directly incorporating user-controlled data without proper sanitization or the use of parameterized queries. Specifically, the function uses thread IDs fetched from the database, which an attacker can first poison by storing a malicious payload via the update_thread function. When the application later loads a list of threads, the poisoned ID is incorporated into a new SQL query, causing the attacker’s payload to execute.

Impact

With a CVSS score of 9.8, this vulnerability is highly severe due to its network accessibility, lack of required privileges, and no need for user interaction. Successful exploitation grants an attacker full read/write access to the application’s database. This could lead to theft of sensitive data (including AI agent configurations and prompts), destruction of data, and further privilege escalation within the hosting environment. The flaw represents a direct path to a full breach of the PraisonAI system.

Remediation and Mitigation

The primary and only complete remediation is to upgrade PraisonAI to version 4.5.90 or later, where this vulnerability has been patched. Administrators should perform this update immediately.

If an immediate upgrade is not possible, consider the following temporary mitigation strategies:

• Network Controls: Restrict network access to the PraisonAI application to only trusted IP addresses, minimizing the attack surface.
• Input Validation: Implement rigorous input validation on all endpoints, particularly the update_thread function, to reject any data containing SQL meta-characters. Treat this as a temporary workaround only.

Organizations should review their PraisonAI instances for any signs of anomalous database activity or unexpected data changes.

Security Insight

This vulnerability highlights the persistent danger of foundational security failures, like SQL injection, in cutting-edge AI platforms. It serves as a stark reminder that advanced tooling does not negate the need for secure coding fundamentals. As discussed in the article on The Hidden Cost of Cybersecurity Specialization, an over-focus on novel threats can lead to the neglect of basic, yet critical, vulnerabilities that remain highly exploitable.

Further Reading

• AI SOC Agent Hype Masks Growing Secrets Sprawl Crisis
• The Hidden Cost of Cybersecurity Specialization
• CyberStrikeAI tool adopted by hackers for AI-powered attacks
• All Critical Vulnerabilities
• Recent Critical Vulnerabilities
• Top Critical CVEs