What happened
PraisonAI's MultiAgentLedger component does not enforce agent ID uniqueness. An attacker can register a duplicate agent ID, causing their agent to share a ledger instance with the legitimate agent, exposing sensitive data and inter-agent communications. Published 2026-06-18, CVSS 6.5 MEDIUM.
Why it matters
Agent ledgers in multi-agent systems contain task state, memory, and potentially sensitive tool outputs. Cross-agent data leakage via ID collision can expose confidential business data or agent instructions to unauthorized parties in shared PraisonAI deployments.
Attack vector
An attacker registers an agent with an ID that matches an existing agent's ID. Because uniqueness is not enforced, the attacker's agent shares the same MultiAgentLedger instance and gains visibility into the other agent's execution state, memory, and data.
Affected systems
PraisonAI < 1.5.115
Mitigation
Upgrade to PraisonAI 1.5.115 or later.
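The collision described under "Attack vector" is an instance of a get-or-create registry keyed on a caller-supplied ID. The sketch below is an added illustration of that bug class next to a registry that refuses duplicates; it is not PraisonAI's code or its patch, all class names are hypothetical, and the per-agent token check is an extra assumption beyond what the advisory states.

```python
import secrets


class Ledger:
    """Per-agent store for task state, memory and tool outputs."""
    def __init__(self, owner_id):
        self.owner_id = owner_id
        self.entries = []


class SharedOnCollisionRegistry:
    """Weak pattern: get-or-create keyed on a caller-supplied ID, so a
    duplicate ID silently receives the first agent's ledger."""
    def __init__(self):
        self._ledgers = {}

    def register(self, agent_id):
        return self._ledgers.setdefault(agent_id, Ledger(agent_id))


class DuplicateAgentError(ValueError):
    """Raised when an agent ID is already registered."""


class UniqueRegistry:
    """Hardened pattern: a second registration of an ID is refused, and
    later ledger access needs the token issued at registration."""
    def __init__(self):
        self._ledgers = {}
        self._tokens = {}

    def register(self, agent_id):
        if agent_id in self._ledgers:
            raise DuplicateAgentError(f"agent id already registered: {agent_id!r}")
        self._ledgers[agent_id] = Ledger(agent_id)
        self._tokens[agent_id] = secrets.token_hex(16)
        return self._tokens[agent_id], self._ledgers[agent_id]

    def ledger_for(self, agent_id, token):
        expected = self._tokens.get(agent_id, "")
        if not expected or not secrets.compare_digest(expected, token):
            raise PermissionError("unknown agent or wrong token")
        return self._ledgers[agent_id]
```

Logging each DuplicateAgentError gives operators of shared deployments a signal that two registrations are contending for one ID.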