UNKNOWN

CVE-2026-34935

PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()

Platform

other

Component

praisonai

Fixed in

4.5.69

PraisonAI is a multi-agent teams system. In versions 4.5.15 up to but not including 4.5.69, the value of the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop. shlex.split() only tokenises the string, honouring quotes; the first token becomes the program that is spawned, so whoever controls the --mcp value controls which binary runs and with what arguments, giving arbitrary OS command execution as the process user. The exposure matters most where PraisonAI is invoked by another service or wrapper that builds the --mcp value from untrusted input. This issue has been patched in version 4.5.69.
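The following is an added example, not code from PraisonAI: it reproduces the parsing pattern the advisory describes (raw argument in, shlex-tokenised argv out, executed as-is) beside an allowlist-based hardened form. The function names, the allowlist format, the sample allowlist entry and the hostile inputs are assumptions made for illustration; stdlib asyncio is used in place of anyio.open_process so the block has no third-party dependency.

```python
"""Added example (not PraisonAI's own code): the --mcp parsing flaw the
advisory describes, and an allowlist-based hardened variant.
Names, allowlist format and sample inputs are assumptions for illustration."""
import asyncio
import os
import shlex
from typing import Dict, List


def parse_mcp_command_vulnerable(mcp_arg: str) -> List[str]:
    """Mirrors the flaw: the raw --mcp string is tokenised and handed on
    unchanged. shlex.split only splits on whitespace and honours quoting; it
    does not decide *what* runs, so argv[0] is whatever the caller chose."""
    return shlex.split(mcp_arg)


class DisallowedCommand(ValueError):
    """Raised when a --mcp value names a launcher outside the allowlist."""


def parse_mcp_command_hardened(mcp_arg: str, allowlist: Dict[str, str]) -> List[str]:
    """Assumed hardened form: argv[0] must be a bare name present in an
    operator-controlled allowlist that maps launcher names to absolute paths.
    Shells and general-purpose interpreters must stay off that list, since
    `sh -c ...` or `python -c ...` would reintroduce the injection via the
    remaining arguments."""
    argv = shlex.split(mcp_arg)
    if not argv:
        raise DisallowedCommand("empty --mcp value")
    name = argv[0]
    # Any path component means the caller is trying to pick the binary itself.
    if os.sep in name or (os.altsep and os.altsep in name):
        raise DisallowedCommand(f"launcher must be a bare name, got {name!r}")
    try:
        launcher = allowlist[name]
    except KeyError:
        raise DisallowedCommand(f"launcher {name!r} is not allowlisted") from None
    if not os.path.isabs(launcher):
        raise DisallowedCommand(f"allowlist entry for {name!r} is not an absolute path")
    # Rebuild argv around the resolved absolute path so PATH lookup in the
    # calling process's environment cannot redirect the spawn.
    return [launcher, *argv[1:]]


async def run_mcp_server(argv: List[str]) -> int:
    """Spawn the validated argv without a shell and return its exit status.
    The advisory names anyio.open_process as the sink; stdlib asyncio is
    used here (assumption) to keep the example dependency-free."""
    proc = await asyncio.create_subprocess_exec(*argv)
    return await proc.wait()


# Constructed sample allowlist: the operator decides which launchers exist.
SAMPLE_ALLOWLIST: Dict[str, str] = {
    "mcp-server-filesystem": "/usr/local/bin/mcp-server-filesystem",
}


if __name__ == "__main__":
    hostile = "sh -c 'id > /tmp/pwned'"
    print("vulnerable argv:", parse_mcp_command_vulnerable(hostile))
    for candidate in (hostile, "../../bin/sh", "mcp-server-filesystem --root /srv/data"):
        try:
            print("accepted:", parse_mcp_command_hardened(candidate, SAMPLE_ALLOWLIST))
        except DisallowedCommand as exc:
            print("rejected:", candidate, "->", exc)
```

Note that the vulnerable parser returns a perfectly well-formed argv for the hostile input; nothing about the tokenisation is broken. The defect is that the caller of the CLI, not the operator, picks argv[0], which is why the fix has to be an allowlist rather than quoting or metacharacter filtering.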

How to fix

Update PraisonAI to version 4.5.69 or later. That version fixes the OS command injection vulnerability and prevents arbitrary command execution as the process user. Until the upgrade is deployed, make sure nothing builds the --mcp value from untrusted input.
