snailsploit[$]Adversarial · Research
GHSA Advisory · Coordinated Disclosure

GHSA-78r8-wwqv-r299

PraisonAI · PyPI
Unguarded exec_module sinks in AgentsGenerator
Type: GHSA
CVE: CVE-2026-47398
Severity: High
CVSS: 8.1
Ecosystem: PyPI

Summary

GHSA-78r8-wwqv-r299: PraisonAI `AgentsGenerator.load_tools_from_module*` reaches unguarded `exec_module` sinks. Coordinated through the GitHub Security Advisory database.
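
As an added illustration (not PraisonAI's code and not the project's fix), here is a generic tool loader that validates a module path before it reaches an `exec_module` sink. The function names, the allowed-root policy and the sample files are assumptions constructed for this example.

```python
import importlib.util
import tempfile
from pathlib import Path


class UntrustedModulePath(Exception):
    """Raised when a module path fails the checks in front of the sink."""


def resolve_tool_module(module_path, allowed_root):
    """Return the canonical path if it is a .py file inside allowed_root."""
    root = Path(allowed_root).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks before the containment check
    candidate = Path(module_path).resolve(strict=True)
    if candidate.suffix != ".py" or not candidate.is_file():
        raise UntrustedModulePath(f"not a Python source file: {candidate}")
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise UntrustedModulePath(f"{candidate} is outside {root}")
    return candidate


def load_tools_guarded(module_path, allowed_root):
    """Validate the path, then execute the module and return its public callables."""
    path = resolve_tool_module(module_path, allowed_root)
    spec = importlib.util.spec_from_file_location(f"tools_{path.stem}", path)
    if spec is None or spec.loader is None:
        raise UntrustedModulePath(f"no loader for {path}")
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # sink: runs the file's top-level code
    return {name: obj for name, obj in vars(module).items()
            if callable(obj) and not name.startswith("_")}


def demo():
    """Constructed sample: one file inside the allowed root, one outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "tools")
        root.mkdir()
        (root / "ok.py").write_text("def add(a, b):\n    return a + b\n")
        Path(tmp, "outside.py").write_text("RAN = True\n")
        tools = load_tools_guarded(root / "ok.py", root)
        rejected = 0
        # Direct path and a ".." traversal that resolves to the same outside file
        for attempt in (Path(tmp, "outside.py"), root / ".." / "outside.py"):
            try:
                load_tools_guarded(attempt, root)
            except UntrustedModulePath:
                rejected += 1
        return tools["add"](2, 3), rejected
```

The containment check only constrains where code is loaded from. Anything inside the allowed root still runs with the process's full privileges, so that directory must not be writable by untrusted input.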

Context

Part of SnailSploit's coordinated-disclosure work. 60 published CVEs and 7 GHSA advisories across the OSS ecosystem.

Credit: Kai Aizen & Avraham Shemesh