PraisonAI GitHub Actions Vulnerable to Critical Token Leak

The National Vulnerability Database (NVD) recently disclosed a critical vulnerability, CVE-2026-40313, impacting PraisonAI’s multi-agent teams system. Versions 4.5.139 and below are susceptible to what’s known as an ArtiPACKED attack, a nasty credential leakage vector stemming from improper use of actions/checkout in GitHub Actions workflows.

According to the NVD, the default behavior of actions/checkout writes GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) into the .git/config file. If subsequent workflow steps then upload artifacts, these tokens can easily be bundled along. Given PraisonAI is a public repository, any user with read access can download these artifacts and snatch those leaked tokens. This isn’t just a minor slip-up; it’s a direct path for attackers to push malicious code, poison releases, compromise PyPI/Docker packages, steal repository secrets, and ultimately execute a full-blown supply chain compromise. We’re talking about downstream users being affected by this. NVD noted that the issue permeated numerous workflow and action files across .github/workflows/ and .github/actions/. Thankfully, PraisonAI has patched this in version 4.5.140.