Description

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) into the .git/config file for persistence, and if any subsequent workflow step uploads artifacts (build outputs, logs, test results, etc.), these tokens can be inadvertently included. Since PraisonAI is a public repository, any user with read access can download these artifacts and extract the leaked tokens, potentially enabling an attacker to push malicious code, poison releases and PyPI/Docker packages, steal repository secrets, and execute a full supply chain compromise affecting all downstream users. The issue spans numerous workflow and action files across .github/workflows/ and .github/actions/. This issue has been fixed in version 4.5.140.

INFO

Published Date :

2026-04-14T03:10:23.697Z

Last Modified :

2026-04-14T03:12:04.840Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40313 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40313.

URL Resource
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3959-6v5q-45q2 cve-icon cve-icon
https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html cve-icon cve-icon
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact