CVE-2026-40313

April 14, 2026, 4:17 a.m.

9.1
Critical

Description

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) into the .git/config file for persistence, and if any subsequent workflow step uploads artifacts (build outputs, logs, test results, etc.), these tokens can be inadvertently included. Since PraisonAI is a public repository, any user with read access can download these artifacts and extract the leaked tokens, potentially enabling an attacker to push malicious code, poison releases and PyPI/Docker packages, steal repository secrets, and execute a full supply chain compromise affecting all downstream users. The issue spans numerous workflow and action files across .github/workflows/ and .github/actions/. This issue has been fixed in version 4.5.140.

Product(s) Impacted

Vendor Product Versions
Praisonai
  • Praisonai
  • 4.5.139, <4.5.140
Github
  • Actions
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a praisonai praisonai 4.5.139 / / / / / / /
a praisonai praisonai <4.5.140 / / / / / / /
a github actions / / / / / / / /

References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3959-6v5q-45q2
https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens

Tags

[email protected]
CWE-829
2026-04-14
CVE-2026-40313

CVSS Score

9.1 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

    View Vector String

Timeline

Published: April 14, 2026, 4:17 a.m.
Last Modified: April 14, 2026, 4:17 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.