Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we maintain a Spanish-language database, available to anyone interested, that covers the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion the list will show vulnerabilities that have not yet been translated, since entries are added while the INCIBE team is still carrying out the translation. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used so that information can be exchanged between different tools and databases.

Every vulnerability collected is linked to its information sources and to any patches or solutions provided by manufacturers and developers. Advanced searches are possible by selecting criteria that narrow the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters give daily notice of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the most recent vulnerabilities.

CVE-2026-44334

Publication date:
08/05/2026
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_resolver.py, api/call.py). A third import sink in praisonai/templates/tool_override.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is remotely triggerable through POST /v1/recipes/run with a recipe value pointing at any local absolute path or any GitHub repo (because SecurityConfig.allow_any_github defaults to True). The attacker drops a tools.py next to TEMPLATE.yaml; the server exec_module()s it. No auth required by default, no environment opt-in required. This issue has been patched in version 4.6.32.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-44339

Publication date:
08/05/2026
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool list and the registry. With the default agent configuration, _perm_allow is None, so undeclared non-dangerous tool names are not rejected by the permission gate. An attacker who can influence tool-call names can therefore invoke unintended application callables that were never declared as tools. This issue has been patched in praisonai version 4.6.37 and praisonaiagents version 1.6.37.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-44125

Publication date:
08/05/2026
SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.
Severity CVSS v4.0: CRITICAL
Last modification:
18/05/2026

CVE-2026-44126

Publication date:
08/05/2026
SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.
Severity CVSS v4.0: CRITICAL
Last modification:
18/05/2026

CVE-2026-44127

Publication date:
08/05/2026
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.
Severity CVSS v4.0: HIGH
Last modification:
18/05/2026

CVE-2026-44128

Publication date:
08/05/2026
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.
Severity CVSS v4.0: CRITICAL
Last modification:
18/05/2026

CVE-2026-43350

Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:

smb: client: require a full NFS mode SID before reading mode bits

parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an NFS mode SID and reads sid.sub_auth[2] to recover the mode bits.

That assumes the ACE carries three subauthorities, but compare_sids() only compares min(a, b) subauthorities. A malicious server can return an ACE with num_subauth = 2 and sub_auth[] = {88, 3}, which still matches sid_unix_NFS_mode and then drives the sub_auth[2] read four bytes past the end of the ACE.

Require num_subauth >= 3 before treating the ACE as an NFS mode SID. This keeps the fix local to the special-SID mode path without changing compare_sids() semantics for the rest of cifsacl.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2026
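The min(a, b) comparison trap in CVE-2026-43350 is easy to miss in review, so here is a small user-space model of it. This is an added example written for this page, not kernel code: the SID wire layout, the two-sub-authority template (mirroring how the kernel's sid_unix_NFS_mode is defined, as S-1-5-88-3), the function names and the two sample SIDs are all constructed for the demonstration. Instead of performing the out-of-bounds read, the model reports when the pre-fix logic would read past the bytes the server actually sent, and shows the num_subauth >= 3 check closing the gap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Wire layout of a SID inside an ACE, as modelled here (constructed):
 *   byte 0     revision
 *   byte 1     num_subauth
 *   bytes 2-7  6-byte authority
 *   bytes 8..  num_subauth little-endian 32-bit sub-authorities
 * so the SID occupies 8 + 4 * num_subauth bytes of the ACE.
 */
#define SID_HDR_LEN 8

/* Return codes for nfs_mode_from_ace(). */
#define NOT_NFS_MODE_SID (-1)
#define OOB_READ         (-2)

/* S-1-5-88-3 template with two sub-authorities; a matching ACE SID is
 * expected to carry the mode bits in its third sub-authority. */
static const uint8_t sid_unix_NFS_mode[] = {
    1, 2, 0, 0, 0, 0, 0, 5,
    88, 0, 0, 0,
    3, 0, 0, 0,
};

static unsigned num_subauth(const uint8_t *sid) { return sid[1]; }

static uint32_t sub_auth(const uint8_t *sid, unsigned i)
{
    const uint8_t *p = sid + SID_HDR_LEN + 4 * i;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Mirrors the compare_sids() behaviour the advisory describes: revision and
 * authority must match, but only min(a, b) sub-authorities are compared, so
 * a two-sub-authority SID {88, 3} matches the template. Returns 0 on match. */
static int compare_sids(const uint8_t *a, const uint8_t *b)
{
    unsigned n = num_subauth(a) < num_subauth(b) ? num_subauth(a) : num_subauth(b);
    if (a[0] != b[0] || memcmp(a + 2, b + 2, 6) != 0)
        return 1;
    for (unsigned i = 0; i < n; i++)
        if (sub_auth(a, i) != sub_auth(b, i))
            return 1;
    return 0;
}

/* Recover the NFS mode bits from an ACE SID of sid_len wire bytes.
 * require_full_sid == 0 behaves like the pre-fix parse_dacl(): once the
 * prefix matches it wants sub_auth[2] regardless of num_subauth. Rather than
 * perform that read, the model returns OOB_READ when it would fall outside
 * the bytes received. require_full_sid == 1 applies the fix from the commit. */
static long nfs_mode_from_ace(const uint8_t *sid, size_t sid_len, int require_full_sid)
{
    if (compare_sids(sid, sid_unix_NFS_mode) != 0)
        return NOT_NFS_MODE_SID;
    if (require_full_sid && num_subauth(sid) < 3)
        return NOT_NFS_MODE_SID;        /* the fix: too short to carry mode bits */
    if (SID_HDR_LEN + 4 * 3 > sid_len)
        return OOB_READ;                /* sub_auth[2] lies 4 bytes past the ACE */
    return sub_auth(sid, 2);
}

/* Constructed sample SIDs as a server might place them in an ACE. */
static const uint8_t benign_sid[] = {       /* S-1-5-88-3-493, i.e. mode 0755 */
    1, 3, 0, 0, 0, 0, 0, 5,
    88, 0, 0, 0,
    3, 0, 0, 0,
    0xED, 0x01, 0, 0,
};
static const uint8_t malicious_sid[] = {    /* S-1-5-88-3 with only two sub-auths */
    1, 2, 0, 0, 0, 0, 0, 5,
    88, 0, 0, 0,
    3, 0, 0, 0,
};

int main(void)
{
    printf("benign, pre-fix:    %ld\n", nfs_mode_from_ace(benign_sid, sizeof benign_sid, 0));
    printf("malicious, pre-fix: %ld\n", nfs_mode_from_ace(malicious_sid, sizeof malicious_sid, 0));
    printf("malicious, fixed:   %ld\n", nfs_mode_from_ace(malicious_sid, sizeof malicious_sid, 1));
    return 0;
}
```

The point to take from the model is that compare_sids() is not wrong for its purpose; the bug is in the caller assuming a prefix match implies a full-length SID. Any code that matches a variable-length structure against a shorter template and then indexes past the template's length needs an explicit length check, which is exactly what the commit adds.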

CVE-2026-43344

Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:

perf/x86/intel/uncore: Fix die ID init and look up bugs

In snbep_pci2phy_map_init(), in the nr_node_ids > 8 path, uncore_device_to_die() may return -1 when all CPUs associated with the UBOX device are offline.

Remove the WARN_ON_ONCE(die_id == -1) check for two reasons:

- The current code breaks out of the loop. This is incorrect because pci_get_device() does not guarantee iteration in domain or bus order, so additional UBOX devices may be skipped during the scan.

- Returning -EINVAL is incorrect, since marking offline buses with die_id == -1 is expected and should not be treated as an error.

Separately, when NUMA is disabled on a NUMA-capable platform, pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die() to return -1 for all PCI devices. As a result, spr_update_device_location(), used on Intel SPR and EMR, ignores the corresponding PMON units and does not add them to the RB tree.

Fix this by using uncore_pcibus_to_dieid(), which retrieves topology from the UBOX GIDNIDMAP register and works regardless of whether NUMA is enabled in Linux. This requires snbep_pci2phy_map_init() to be added in spr_uncore_pci_init().

Keep uncore_device_to_die() only for the nr_node_ids > 8 case, where NUMA is expected to be enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-43343

Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_subset: Fix unbalanced refcnt in geth_free

geth_alloc() increments the reference count, but geth_free() fails to decrement it. This prevents the configuration of attributes via configfs after unlinking the function.

Decrement the reference count in geth_free() to ensure proper cleanup.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-43342

Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_rndis: Protect RNDIS options with mutex

The class/subclass/protocol options are susceptible to race conditions as they can be accessed concurrently through configfs.

Use existing mutex to protect these options. This issue was identified during code inspection.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-43341

Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:

net/ipv6: ioam6: prevent schema length wraparound in trace fill

ioam6_fill_trace_data() stores the schema contribution to the trace length in a u8. With bit 22 enabled and the largest schema payload, sclen becomes 1 + 1020 / 4, wraps from 256 to 0, and bypasses the remaining-space check. __ioam6_fill_trace_data() then positions the write cursor without reserving the schema area but still copies the 4-byte schema header and the full schema payload, overrunning the trace buffer.

Keep sclen in an unsigned int so the remaining-space check and the write cursor calculation both see the full schema length.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026
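The arithmetic behind CVE-2026-43341 is worth seeing in isolation: a length that is only ever compared in 4-byte words, stored in a u8, and then used to size a copy that is done in bytes. The model below is an added example written for this page, not the kernel's ioam6 code: the bit-22 flag name, the struct of results and the word-based lengths are constructed to mirror the description (nodelen and remlen in words, a one-word schema header plus payload/4 words of schema). It computes what the remaining-space check sees and what the copy actually writes, with the u8 truncation switchable so the pre-fix and fixed behaviour can be compared on the same input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Trace-type bit 22 selects the schema field. The macro name and the way
 * the flag is passed are chosen for this example (assumption). */
#define TRACE_TYPE_BIT22 (1u << 22)

/* Largest schema payload mentioned in the advisory, in bytes. */
#define MAX_SCHEMA_DATA_LEN 1020u

struct fill_result {
    bool   filled;           /* remaining-space check passed, data was written */
    size_t bytes_reserved;   /* what the write cursor was positioned for */
    size_t bytes_written;    /* what the copy actually emits */
    bool   overrun;          /* copy extends past the reserved area */
};

/*
 * Model of ioam6_fill_trace_data() / __ioam6_fill_trace_data(). Lengths are
 * in 4-byte words, as the kernel keeps them: nodelen is the per-node trace
 * data, remlen the space left in the trace buffer. With sclen_is_u8 set the
 * schema contribution is truncated to a u8 as the pre-fix code did.
 */
static struct fill_result fill_trace(uint32_t type, unsigned nodelen,
                                     unsigned schema_data_len,
                                     unsigned remlen, bool sclen_is_u8)
{
    struct fill_result r = {0};
    bool has_schema = (type & TRACE_TYPE_BIT22) != 0;

    /* one word of schema header plus the payload in words:
     * 1 + 1020 / 4 == 256, which a u8 turns into 0 */
    unsigned sclen_full = has_schema ? 1 + schema_data_len / 4 : 0;
    unsigned sclen = sclen_is_u8 ? (uint8_t)sclen_full : sclen_full;

    /* remaining-space check: refuse when node data plus schema do not fit */
    if (remlen < nodelen + sclen)
        return r;                       /* nothing written */

    r.filled = true;
    /* cursor = data + remlen*4 - nodelen*4 - sclen*4, so this is the only
     * space the write positions itself for */
    r.bytes_reserved = 4u * (nodelen + sclen);
    /* the copy uses the real sizes: node data, the 4-byte schema header and
     * the full schema payload, regardless of what sclen said */
    r.bytes_written = 4u * nodelen + (has_schema ? 4u + schema_data_len : 0u);
    r.overrun = r.bytes_written > r.bytes_reserved;
    return r;
}

int main(void)
{
    struct fill_result pre = fill_trace(TRACE_TYPE_BIT22, 2, MAX_SCHEMA_DATA_LEN, 2, true);
    struct fill_result fixed = fill_trace(TRACE_TYPE_BIT22, 2, MAX_SCHEMA_DATA_LEN, 2, false);

    printf("u8 sclen:       filled=%d reserved=%zu written=%zu overrun=%d\n",
           pre.filled, pre.bytes_reserved, pre.bytes_written, pre.overrun);
    printf("unsigned sclen: filled=%d\n", fixed.filled);
    return 0;
}
```

With only two words of room left, the u8 variant passes the check because sclen reads as 0, reserves 8 bytes, and then writes 1032; the unsigned variant sees 258 words needed and refuses to fill. The general lesson is that a length stored in a narrower type than the one it is compared and used in creates a gap between the check and the use, and the fix is to keep the width consistent rather than to patch the check.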

CVE-2026-43345

Publication date:
08/05/2026
In the Linux kernel, the following vulnerability has been resolved:

net: ipa: fix event ring index not programmed for IPA v5.0+

For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to CH_C_CNTXT_1. The v5.0 register definition intended to define this field in the CH_C_CNTXT_1 fmask array but used the old identifier of ERINDEX instead of CH_ERINDEX.

Without a valid event ring, GSI channels could never signal transfer completions. This caused gsi_channel_trans_quiesce() to block forever in wait_for_completion().

At least for IPA v5.2 this resolves an issue seen where runtime suspend, system suspend, and remoteproc stop all hung forever. It also meant the IPA data path was completely non-functional.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2026