{"id":"CVE-2026-41496","summary":"PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)","details":"PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, and SurrealDB — interpolate table_prefix directly into f-string SQL without validation. They share the root cause, code pattern, and exploitation path of CVE-2026-40315, for a total of 52 unvalidated injection points across the codebase. postgres.py additionally accepts an unvalidated schema parameter that is used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.","aliases":["GHSA-rg3h-x3jw-7jm5"],"modified":"2026-05-12T04:19:44.972178Z","published":"2026-05-08T13:19:10.753Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"praisonaiagents \u003c 1.6.9"},{"last_affected":"praisonai \u003c 
4.6.9"}],"source":"AFFECTED_FIELD"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41496.json","cwe_ids":["CWE-89"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41496.json"},{"type":"ADVISORY","url":"https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-rg3h-x3jw-7jm5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41496"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mervinpraison/praisonai","events":[{"introduced":"0"},{"fixed":"9463b1f6419e1db402b2528d6f52cd090b5723b1"}],"database_specific":{"cpe":"cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"4.6.9"}],"source":"CPE_FIELD"}}],"versions":["0.0.55","0.0.56","0.0.57","0.0.59rc5","2.0.25","2.0.26","2.0.27","2.0.28","2.0.29","2.0.30","2.0.31","2.0.32","2.0.33","2.0.34","2.0.35","2.0.36","2.0.37","2.0.38","2.0.39","2.0.40","2.0.41","2.0.42","2.0.43","2.0.44","2.0.45","2.0.46","2.0.47","2.0.48","2.0.49","2.0.50","2.0.51","2.0.53","2.0.54","2.0.55","2.0.56","2.0.57","2.0.58","2.0.59","2.0.60","2.0.61","2.0.62","2.0.63","2.0.64","2.0.65","2.0.66","2.0.67","2.0.68","2.0.69","2.0.70","2.0.71","2.0.72","2.0.73","2.0.74","2.0.75","2.0.76","praisonai-cli@0.2.0","praisonai-derive@0.2.0","praisonai@0.2.0","v0.0.1","v0.0.18","v0.0.20","v0.0.21","v0.0.22","v0.0.23","v0.0.24","v0.0.25","v0.0.26","v0.0.27","v0.0.28","v0.0.29","v0.0.30","v0.0.31","v0.0.32","v0.0.33","v0.0.34","v0.0.35","v0.0.36","v0.0.37","v0.0.38","v0.0.39","v0.0.40","v0.0.41","v0.0.42","v0.0.43","v0.0.44","v0.0.45","v0.0.46","v0.0.47","v0.0.48","v0.0.49","v0.0.50","v0.0.51","v0.0.52","v0.0.53","v0.0.54","v0.0.58","v0.0.59","v0.0.59rc1","v0.0.59rc11","v0.0.59rc2","v0.0.59rc3","v0.0.59rc4","v0.0.59rc5","v0.0.59rc6","v0.0.59rc7","v0.0.59rc8","v0.0.59rc9","v0.0.61","v0.0.62","v0.0.63","v0.0.64","v0.0.65","v0.0.66","v0.0.67
","v0.0.68","v0.0.69","v0.0.70","v0.0.71","v0.0.72","v0.0.73","v0.0.74","v0.1.0","v0.1.1","v0.1.10","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.2.0","v1.0.0","v1.0.1","v1.0.10","v1.0.11","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.8","v1.0.9","v2.0.0","v2.0.1","v2.0.10","v2.0.13","v2.0.14","v2.0.15","v2.0.16","v2.0.17","v2.0.18","v2.0.19","v2.0.20","v2.0.21","v2.0.22","v2.0.23","v2.0.24","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.77","v2.0.78","v2.0.79","v2.0.8","v2.0.80","v2.0.81","v2.0.9","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.1.6","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.14","v2.2.15","v2.2.16","v2.2.17","v2.2.18","v2.2.19","v2.2.2","v2.2.20","v2.2.21","v2.2.22","v2.2.23","v2.2.24","v2.2.25","v2.2.26","v2.2.27","v2.2.28","v2.2.29","v2.2.3","v2.2.30","v2.2.31","v2.2.32","v2.2.33","v2.2.34","v2.2.35","v2.2.36","v2.2.37","v2.2.38","v2.2.39","v2.2.4","v2.2.40","v2.2.41","v2.2.42","v2.2.43","v2.2.44","v2.2.45","v2.2.46","v2.2.47","v2.2.48","v2.2.49","v2.2.5","v2.2.50","v2.2.51","v2.2.52","v2.2.53","v2.2.54","v2.2.55","v2.2.56","v2.2.57","v2.2.58","v2.2.59","v2.2.6","v2.2.60","v2.2.61","v2.2.62","v2.2.63","v2.2.64","v2.2.65","v2.2.66","v2.2.67","v2.2.68","v2.2.69","v2.2.7","v2.2.70","v2.2.71","v2.2.72","v2.2.73","v2.2.74","v2.2.75","v2.2.76","v2.2.77","v2.2.78","v2.2.79","v2.2.8","v2.2.80","v2.2.81","v2.2.82","v2.2.83","v2.2.84","v2.2.85","v2.2.86","v2.2.87","v2.2.89","v2.2.9","v2.2.90","v2.2.91","v2.2.93","v2.2.96","v2.2.97","v2.2.98","v2.2.99","v2.3.0","v2.3.1","v2.3.10","v2.3.11","v2.3.12","v2.3.13","v2.3.14","v2.3.15","v2.3.16","v2.3.18","v2.3.19","v2.3.2","v2.3.20","v2.3.21","v2.3.22","v2.3.23","v2.3.24","v2.3.25","v2.3.26","v2.3.27","v2.3.28","v2.3.29","v2.3.3","v2.3.30","v2.3.31","v2.3.32","v2.3.33","v2.3.34","v2.3.35","v2.3.36","v2.3.37","v2.3.38","v2.3.39","v2.3.4","v2.3.40","v2.3.41","v2.3.42","v2.3.43","v2.3.44","v2.3.45","v2.3.46","v2.3.47","v2.3.48","v2.3.49","v2.3.5","v2.3.50"
,"v2.3.51","v2.3.52","v2.3.53","v2.3.54","v2.3.55","v2.3.56","v2.3.57","v2.3.58","v2.3.59","v2.3.6","v2.3.60","v2.3.61","v2.3.62","v2.3.63","v2.3.64","v2.3.65","v2.3.66","v2.3.67","v2.3.68","v2.3.69","v2.3.7","v2.3.70","v2.3.71","v2.3.72","v2.3.73","v2.3.74","v2.3.75","v2.3.76","v2.3.77","v2.3.78","v2.3.79","v2.3.8","v2.3.80","v2.3.81","v2.3.82","v2.3.83","v2.3.84","v2.3.85","v2.3.86","v2.3.87","v2.3.9","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.5.0","v2.5.2","v2.5.3","v2.5.4","v2.5.5","v2.5.6","v2.5.7","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6","v2.6.7","v2.6.8","v2.7.0","v2.7.1","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.7.6","v2.7.7","v2.7.8","v2.7.9","v2.8.0","v4.4.10","v4.4.11","v4.4.12","v4.4.5","v4.4.6","v4.4.7","v4.4.8","v4.4.9","v4.5.0","v4.5.1","v4.5.10","v4.5.100","v4.5.101","v4.5.102","v4.5.103","v4.5.104","v4.5.105","v4.5.106","v4.5.107","v4.5.108","v4.5.109","v4.5.11","v4.5.110","v4.5.111","v4.5.112","v4.5.113","v4.5.115","v4.5.117","v4.5.118","v4.5.119","v4.5.12","v4.5.120","v4.5.121","v4.5.122","v4.5.123","v4.5.124","v4.5.125","v4.5.126","v4.5.128","v4.5.129","v4.5.13","v4.5.130","v4.5.131","v4.5.132","v4.5.133","v4.5.134","v4.5.14","v4.5.140","v4.5.143","v4.5.144","v4.5.145","v4.5.146","v4.5.147","v4.5.148","v4.5.149","v4.5.15","v4.5.16","v4.5.17","v4.5.18","v4.5.19","v4.5.2","v4.5.20","v4.5.21","v4.5.22","v4.5.23","v4.5.24","v4.5.25","v4.5.26","v4.5.27","v4.5.28","v4.5.29","v4.5.3","v4.5.30","v4.5.31","v4.5.32","v4.5.33","v4.5.34","v4.5.35","v4.5.36","v4.5.37","v4.5.38","v4.5.39","v4.5.40","v4.5.41","v4.5.42","v4.5.43","v4.5.44","v4.5.45","v4.5.46","v4.5.48","v4.5.49","v4.5.5","v4.5.51","v4.5.52","v4.5.54","v4.5.55","v4.5.56","v4.5.57","v4.5.58","v4.5.59","v4.5.6","v4.5.60","v4.5.62","v4.5.63","v4.5.64","v4.5.65","v4.5.67","v4.5.68","v4.5.69","v4.5.7","v4.5.70","v4.5.71","v4.5.72","v4.5.73","v4.5.74","v4.5.76","v4.5.77","v4.5.78","v4.5.79","v4.5.8","v4.5.80","v4.5.81","v4.5.82","v4.5.83","v4.5.85","v4.5.87","v4.5.88","v4.5.9"
,"v4.5.90","v4.5.93","v4.5.94","v4.5.95","v4.5.96","v4.5.97","v4.5.98","v4.6.1","v4.6.2","v4.6.3","v4.6.4","v4.6.5","v4.6.6","v4.6.7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41496.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}