A vulnerability classified as critical has been found in MervinPraison PraisonAI up to 4.5.139 . Affected is an unknown function. Performing a manipulation of the argument GITHUB_TOKEN results in inclusion of functionality from untrusted control sphere. This vulnerability is cataloged as CVE-2026-40313 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.