CVE-2026-34935: PraisonAI Command Injection Vulnerability
Platform: python
Component: praisonai
Fixed in: 4.5.69
CVE-2026-34935 is a critical command injection vulnerability affecting PraisonAI, a multi-agent teams system. The vulnerability allows arbitrary OS command execution as the process user due to unsanitized input passed to `shlex.split()` via the `--mcp` CLI argument. This impacts versions 4.5.15 up to, but not including, 4.5.69. The vulnerability is fixed in version 4.5.69.
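The description above comes down to tokenization not being validation: `shlex.split()` splits a string into arguments but does not decide whether the resulting program should run. The following is an added example, not PraisonAI's code or its 4.5.69 patch; the allowlist `ALLOWED_PREFIXES`, the helper names `validate_mcp_command` and `is_allowed`, and the sample server names are assumptions made for illustration.

```python
import shlex

# Assumption: the only MCP server launch commands this deployment permits,
# written as argv prefixes. The names are constructed for illustration.
ALLOWED_PREFIXES = (
    ("python", "-m", "example_mcp_server"),
    ("npx", "-y", "example-mcp-server"),
)


def validate_mcp_command(raw: str) -> list[str]:
    """Return argv for an --mcp style value, or raise ValueError.

    shlex.split() only tokenizes like a POSIX shell; it does not decide
    whether the resulting program should be run, so that check is done here.
    """
    try:
        argv = shlex.split(raw)
    except ValueError as exc:  # for example, unbalanced quotes
        raise ValueError(f"unparseable command: {exc}") from exc
    if not argv:
        raise ValueError("empty command")
    # Bare executable names only: a path would let the caller pick any binary.
    if "/" in argv[0] or "\\" in argv[0]:
        raise ValueError("executable must be a bare name")
    for prefix in ALLOWED_PREFIXES:
        if tuple(argv[: len(prefix)]) == prefix:
            return argv  # hand to subprocess as a list, never with shell=True
    raise ValueError(f"command not on allowlist: {argv[0]!r}")


def is_allowed(raw: str) -> bool:
    """Convenience wrapper that reports the decision as a boolean."""
    try:
        validate_mcp_command(raw)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for sample in (
        "python -m example_mcp_server --port 8000",
        "sh -c 'echo constructed'",
        "python -c 'print(1)'",
        "/tmp/tool --serve",
    ):
        print(f"{sample!r:45} allowed={is_allowed(sample)}")
```

Matching on a full argv prefix rather than on the executable name alone is what rejects `python -c ...`, since an interpreter on the allowlist would otherwise run any code handed to it.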
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-34935?
CVE-2026-34935 is a Command Injection vulnerability in PraisonAI that allows an attacker to execute arbitrary OS commands on the system.
Am I affected by CVE-2026-34935?
You are affected if you are using PraisonAI versions 4.5.15 up to, but not including, 4.5.69. Version 4.5.69 and later are not affected.
How do I fix CVE-2026-34935?
To fix this vulnerability, upgrade your PraisonAI installation to version 4.5.69 or later. This version contains the necessary patch.