PraisonAI Regular Expression Denial-of-Service Vulnerability in MCPToolIndex.search_tools()

Vulnerability

A denial-of-service vulnerability has been identified in PraisonAI versions through 4.5.89. In the MCPToolIndex.search_tools() method, user-supplied strings are compiled into Python regular expressions without validation or sanitization, so the caller controls the pattern and therefore the worst-case running time of the match. A crafted pattern with nested quantifiers triggers catastrophic backtracking in the re engine and blocks the Python thread for hundreds of seconds, producing a complete service outage for that duration. The vulnerability is reachable over the network because the MCP server HTTP transport does not require an API key by default.

Impact

Exploitation blocks the affected Python thread for hundreds of seconds per request, during which the service is unavailable. Because the MCP server HTTP transport runs without an API key by default, any attacker with network access to the server can trigger the condition without credentials, and repeated requests sustain the outage indefinitely.

Reproduction

To reproduce: create a directory for the MCP server index and status files. Into that directory write a crafted tool index file containing a regular expression designed to cause catastrophic backtracking, and a status file indicating that the server is available and does not require authentication. Then import the MCPToolIndex class and call search_tools() with the crafted regular expression. The call blocks the thread for an extended period, demonstrating the denial-of-service condition.

Remediation

Upgrade to PraisonAI version 4.5.90 or later, where this vulnerability has been patched.
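As an added example (not PraisonAI's code, and not its real index format), the following Python contrasts the shape of the flaw described under Reproduction with the kind of fix applied under Remediation: the vulnerable variant compiles the caller's string as a regex unchanged, while the hardened variant escapes it with re.escape() and caps its length, so a query can only ever be a literal substring and matching stays linear in the subject. TOOL_INDEX, MAX_QUERY_LEN, EVIL_PATTERN and the function names are constructed for illustration; the upgrade to 4.5.90 remains the fix for the shipped product.

```python
import re
import time

# Constructed sample tool index; the real PraisonAI index format is not reproduced here.
TOOL_INDEX = [
    {"name": "read_file", "description": "Read a file from disk"},
    {"name": "write_file", "description": "Write data to a file"},
    {"name": "http_get", "description": "Fetch a URL over HTTP"},
]

# Classic evil pattern: nested quantifiers followed by an anchor. Against a
# subject of n 'a's that does not end in 'a', the re engine explores ~2**n paths.
EVIL_PATTERN = r"(a+)+$"
MAX_QUERY_LEN = 64  # assumed cap, chosen for illustration


def _matches(pattern, tool):
    return bool(pattern.search(tool["name"]) or pattern.search(tool["description"]))


def search_tools_vulnerable(index, query):
    """Shape of the flaw the advisory describes (hypothetical reconstruction, not
    PraisonAI's code): the caller's string becomes the pattern unchanged, so the
    caller decides how much backtracking the engine performs."""
    pattern = re.compile(query, re.IGNORECASE)
    return [t["name"] for t in index if _matches(pattern, t)]


def search_tools_hardened(index, query):
    """Treat the query as a literal substring. re.escape() neutralises every
    metacharacter, so quantifiers, groups and anchors can no longer be introduced
    by the caller, and matching a fixed string is linear in the subject length.
    The length cap is a second, independent bound on per-request work."""
    if not query or len(query) > MAX_QUERY_LEN:
        raise ValueError(f"query must be 1..{MAX_QUERY_LEN} characters")
    pattern = re.compile(re.escape(query), re.IGNORECASE)
    return [t["name"] for t in index if _matches(pattern, t)]


def compiles_as_regex(query):
    """True if re.compile() accepts the string. Syntactic validity says nothing
    about running time, so 'does it compile?' is not a ReDoS check."""
    try:
        re.compile(query)
        return True
    except re.error:
        return False


def backtracking_seconds(n):
    """Time EVIL_PATTERN against n 'a's followed by '!' (a forced mismatch).
    Returns elapsed seconds; roughly doubles with each extra character."""
    subject = "a" * n + "!"
    start = time.perf_counter()
    re.search(EVIL_PATTERN, subject)
    return time.perf_counter() - start


if __name__ == "__main__":
    print("hardened   'file'     ->", search_tools_hardened(TOOL_INDEX, "file"))
    print("vulnerable 'http.get' ->", search_tools_vulnerable(TOOL_INDEX, "http.get"))
    print("hardened   'http.get' ->", search_tools_hardened(TOOL_INDEX, "http.get"))
    print("EVIL_PATTERN compiles:", compiles_as_regex(EVIL_PATTERN))
    # Keep n small: each extra 'a' roughly doubles the time.
    for n in (12, 16, 20):
        print(f"n={n}: {backtracking_seconds(n):.4f}s")
```

Escaping is the right fix when callers expect substring search, which is what a tool lookup normally is. If a service genuinely needs to accept user-written regular expressions, note that the standard library re module has no match timeout: the only robust bounds are running the match in a separate process with a deadline, or using the third-party regex module, which accepts a timeout argument on its search functions.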

Added: Apr 3, 2026, 11:19 PM
Updated: Apr 3, 2026, 11:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.0
remediation: 0.0
relevance: 5.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.