Vulnerabilidades

*** Pendiente de traducción *** PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. This issue has been patched in version 4.6.34.

*** Pendiente de traducción *** PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joins it onto ~/.praison/rules/ (or, for workflow.show, accepts an absolute path) with no containment check. The JSON-RPC dispatcher passes params["arguments"] blind to each handler via **kwargs without validating against the advertised input schema. By setting rule_name="../../" an attacker walks out of the rules directory and writes any file the running user can write. Dropping a Python .pth file into the user site-packages directory escalates this primitive to arbitrary code execution in any subsequent Python process the user spawns — the next praisonai CLI invocation, an IDE script run, the user's python REPL, or any background Python service. This issue has been patched in version 4.6.34.

*** Pendiente de traducción *** PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.

*** Pendiente de traducción *** PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_resolver.py, api/call.py). A third import sink in praisonai/templates/tool_override.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is remotely triggerable through POST /v1/recipes/run with a recipe value pointing at any local absolute path or any GitHub repo (because SecurityConfig.allow_any_github defaults to True). The attacker drops a tools.py next to TEMPLATE.yaml; the server exec_module()s it. No auth required by default, no environment opt-in required. This issue has been patched in version 4.6.32.

*** Pendiente de traducción *** PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after it fails to match the declared tool list and the registry. With the default agent configuration, _perm_allow is None, so undeclared non-dangerous tool names are not rejected by the permission gate. An attacker who can influence tool-call names can therefore invoke unintended application callables that were never declared as tools. This issue has been patched in praisonai version 4.6.37 and praisonaiagents version 1.6.37.

*** Pendiente de traducción *** SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to access functionality that should require a valid session.

*** Pendiente de traducción *** SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote attackers to execute code via a crafted serialized object.

*** Pendiente de traducción *** SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the privileges of the api.app process.

*** Pendiente de traducción *** SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> smb: client: require a full NFS mode SID before reading mode bits<br /> <br /> parse_dacl() treats an ACE SID matching sid_unix_NFS_mode as an NFS<br /> mode SID and reads sid.sub_auth[2] to recover the mode bits.<br /> <br /> That assumes the ACE carries three subauthorities, but compare_sids()<br /> only compares min(a, b) subauthorities. A malicious server can return<br /> an ACE with num_subauth = 2 and sub_auth[] = {88, 3}, which still<br /> matches sid_unix_NFS_mode and then drives the sub_auth[2] read four<br /> bytes past the end of the ACE.<br /> <br /> Require num_subauth &gt;= 3 before treating the ACE as an NFS mode SID.<br /> This keeps the fix local to the special-SID mode path without changing<br /> compare_sids() semantics for the rest of cifsacl.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> perf/x86/intel/uncore: Fix die ID init and look up bugs<br /> <br /> In snbep_pci2phy_map_init(), in the nr_node_ids &gt; 8 path,<br /> uncore_device_to_die() may return -1 when all CPUs associated<br /> with the UBOX device are offline.<br /> <br /> Remove the WARN_ON_ONCE(die_id == -1) check for two reasons:<br /> <br /> - The current code breaks out of the loop. This is incorrect because<br /> pci_get_device() does not guarantee iteration in domain or bus order,<br /> so additional UBOX devices may be skipped during the scan.<br /> <br /> - Returning -EINVAL is incorrect, since marking offline buses with<br /> die_id == -1 is expected and should not be treated as an error.<br /> <br /> Separately, when NUMA is disabled on a NUMA-capable platform,<br /> pcibus_to_node() returns NUMA_NO_NODE, causing uncore_device_to_die()<br /> to return -1 for all PCI devices. As a result,<br /> spr_update_device_location(), used on Intel SPR and EMR, ignores the<br /> corresponding PMON units and does not add them to the RB tree.<br /> <br /> Fix this by using uncore_pcibus_to_dieid(), which retrieves topology<br /> from the UBOX GIDNIDMAP register and works regardless of whether NUMA<br /> is enabled in Linux. This requires snbep_pci2phy_map_init() to be<br /> added in spr_uncore_pci_init().<br /> <br /> Keep uncore_device_to_die() only for the nr_node_ids &gt; 8 case, where<br /> NUMA is expected to be enabled.

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: gadget: f_subset: Fix unbalanced refcnt in geth_free<br /> <br /> geth_alloc() increments the reference count, but geth_free() fails to<br /> decrement it. This prevents the configuration of attributes via configfs<br /> after unlinking the function.<br /> <br /> Decrement the reference count in geth_free() to ensure proper cleanup.