Credential Leakage Vulnerability in PraisonAI by Mervin Praison
CVE-2026-40313
What is CVE-2026-40313?
PraisonAI, a multi-agent teams system, contains a serious vulnerability in its GitHub Actions workflows in versions 4.5.139 and earlier. The flaw enables an ArtiPACKED-style attack: because of the default configuration of actions/checkout, sensitive tokens such as GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN are persisted in the checkout's .git/config file. If a later workflow step uploads artifacts, those tokens can be packaged into the artifact, and anyone with read access to the public repository can download it. With the exposed tokens, a malicious actor could push harmful code, corrupt the release process, and carry out a full supply chain compromise affecting all downstream users. The vulnerability has been addressed in version 4.5.140.
Affected Version(s)
PraisonAI < 4.5.140
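The following POSIX shell script is an added illustration, not code from the advisory or from the PraisonAI project: it builds two constructed checkouts (one with the credential header that actions/checkout writes when `persist-credentials` is left at its default, one without) and shows a pre-upload check that flags the leaky one. The directory names, the `example-org/example-repo` remote and the base64 token value are all constructed placeholders.

```shell
#!/bin/sh
# Workflow-side fix (real actions/checkout input), shown here for reference:
#   - uses: actions/checkout@v4
#     with:
#       persist-credentials: false
# and keep the .git directory out of any actions/upload-artifact path.

# Write a constructed .git/config into $1. $2 is "leaky" (credentials
# persisted, the actions/checkout default) or "clean" (nothing persisted).
make_sample_checkout() {
  dir="$1"; mode="$2"
  mkdir -p "$dir/.git"
  {
    printf '[core]\n\trepositoryformatversion = 0\n'
    printf '[remote "origin"]\n\turl = https://github.com/example-org/example-repo\n'
    if [ "$mode" = "leaky" ]; then
      # Constructed value: base64("x-access-token:ghs_PLACEHOLDER"), not a real token.
      printf '[http "https://github.com/"]\n'
      printf '\textraheader = AUTHORIZATION: basic eC1hY2Nlc3MtdG9rZW46Z2hzX1BMQUNFSE9MREVS\n'
    fi
  } > "$dir/.git/config"
}

# Exit status 0 if the checkout still carries a persisted credential header
# (the ArtiPACKED precondition), 1 if it is clean or has no .git/config.
# Run it against the workspace before any upload-artifact step, or against an
# unpacked artifact when auditing what a workflow has already published.
checkout_has_persisted_token() {
  cfg="$1/.git/config"
  [ -f "$cfg" ] || return 1
  grep -Eiq '^[[:space:]]*extraheader[[:space:]]*=[[:space:]]*AUTHORIZATION:' "$cfg"
}

# Stand-alone demo over the two constructed checkouts.
demo_dir=$(mktemp -d)
make_sample_checkout "$demo_dir/leaky" leaky
make_sample_checkout "$demo_dir/clean" clean
for d in leaky clean; do
  if checkout_has_persisted_token "$demo_dir/$d"; then
    echo "$d: persisted token found, do not upload this tree as an artifact"
  else
    echo "$d: no persisted credential header"
  fi
done
rm -rf "$demo_dir"
```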
