PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents.
Metrics
Affected Vendors & Products
References
History
Tue, 23 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 18 Jun 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversation history between agents. | |
| Title | PraisonAI - Information Disclosure via Shared MultiAgentLedger State | |
| First Time appeared |
Praison
Praison praisonai |
|
| Weaknesses | CWE-668 | |
| CPEs | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Praison
Praison praisonai |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-06-18T22:12:24.781Z
Updated: 2026-06-23T20:44:50.811Z
Reserved: 2026-06-18T15:57:20.434Z
Link: CVE-2026-56077
Updated: 2026-06-23T20:44:48.123Z
No data.
No data.