PatchSiren

PraisonAI CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH PraisonAI CVE published 2026-06-18

CVE-2026-56078

CVE-2026-56078 is a high-severity path traversal vulnerability in PraisonAI's MultiAgentMonitor. Attackers can exploit it to read, write, or overwrite arbitrary files, potentially leading to disclosure of sensitive data, denial of service, or code execution. The vulnerability has a CVSS score of 8.7 (HIGH). PraisonAI versions before 1.5.115 are affected. Users should updat [truncated]

HIGH PraisonAI CVE published 2026-06-18

CVE-2026-56077

CVE-2026-56077 is a high-severity information disclosure vulnerability in the MultiAgentLedger component of PraisonAI versions before 1.5.115. This vulnerability allows attackers to access sensitive data by registering agents with duplicate IDs, exploiting the lack of agent ID uniqueness enforcement. Consequently, attackers can share ledger instances and expose system prompts and conversation history betw [truncated]

HIGH PraisonAI CVE published 2026-06-18

CVE-2026-56076

CVE-2026-56076 is a high-severity vulnerability in PraisonAI (vendor unknown) that allows remote attackers to execute arbitrary agent actions. The AGUI endpoint (POST /agui) does not require authentication and returns hardcoded wildcard CORS headers ('Access-Control-Allow-Origin: *'). When combined with S [truncated]