PraisonAI – Information Disclosure via Shared MultiAgentLedger State_CVE-2026-56077

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.

Basic Information

ID CVE-2026-56077

Source VulnCheck

Published Jun 18, 2026 at 22:12

Affected Product

Vendor PraisonAI

Product PraisonAI

Affected Versions PraisonAI PraisonAI 0

CWE Classification

CWE-668

References

{
    "lastseen": "",
    "description": "PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.",
    "published": "2026-06-18T22:12:24.781Z",
    "modified": "2026-06-18T22:12:24.781Z",
    "type": "cve",
    "title": "PraisonAI - Information Disclosure via Shared MultiAgentLedger State",
    "source": "VulnCheck",
    "references": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-766v-q9x3-g744\nhttps://github.com/MervinPraison/PraisonAI\nhttps://www.vulncheck.com/advisories/praisonai-information-disclosure-via-shared-multiagentledger-state",
    "id": "CVE-2026-56077",
    "bulletinFamily": "",
    "cwe": [
        "CWE-668"
    ],
    "cvelist": null,
    "sourceData": "PraisonAI PraisonAI 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PraisonAI",
    "version": "0",
    "vendor": "PraisonAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}