CVE-2026-39890: PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

April 8, 2026 (updated April 9, 2026)

The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server.

References

github.com/MervinPraison/PraisonAI
github.com/MervinPraison/PraisonAI/releases/tag/v4.5.115
github.com/MervinPraison/PraisonAI/security/advisories/GHSA-32vr-5gcf-3pw2
github.com/advisories/GHSA-32vr-5gcf-3pw2
nvd.nist.gov/vuln/detail/CVE-2026-39890

Code Behaviors & Features

Detect and mitigate CVE-2026-39890 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →