CVE-2026-44339: PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `main` callables execute

May 11, 2026

praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool list and the registry. With the default agent configuration, _perm_allow is None, so undeclared non-dangerous tool names are not rejected by the permission gate. An attacker who can influence tool-call names can therefore invoke unintended application callables that were never declared as tools.

References

github.com/MervinPraison/PraisonAI/security/advisories/GHSA-gmjg-hv98-qggq
github.com/advisories/GHSA-gmjg-hv98-qggq
nvd.nist.gov/vuln/detail/CVE-2026-44339

Code Behaviors & Features

Detect and mitigate CVE-2026-44339 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →