CVE Catalog

CVE-2026-56077

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile — higher than 17% of all known CVEs

Summary

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. The lack of agent ID uniqueness enforcement enables sharing ledger instances and exposing system prompts and conversation history between agents.

Risk Assessment

Organizations may be exposed to sensitive data disclosure, potentially leading to privacy breaches and information security issues. Attackers could exploit this vulnerability to manipulate data and interactions between agents.

Recommendation

It is recommended to upgrade to version 1.5.115 or later to mitigate this vulnerability. Additionally, implementing mechanisms to verify the uniqueness of agent IDs is advisable.

Original NVD description (English source)

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS