CVE-2026-34935: PraisonAI Command Injection Vulnerability
Platform: python
Component: praisonai
Fixed in: 4.5.69
CVE-2026-34935 is a critical Command Injection vulnerability affecting PraisonAI, a multi-agent teams system. The flaw lets attackers execute arbitrary operating system commands because input supplied through the --mcp argument is not validated. The vulnerability affects versions 4.5.15 up to, but not including, 4.5.69. Version 4.5.69 contains the patch.
How to fix
Upgrade PraisonAI to version 4.5.69 or later to mitigate the operating system command injection vulnerability. This update corrects the missing validation of input supplied through the --mcp argument, preventing the execution of arbitrary commands.
Frequently asked questions
What is CVE-2026-34935?
CVE-2026-34935 is a Command Injection vulnerability in PraisonAI that allows attackers to execute arbitrary OS commands on the system.
Am I affected by CVE-2026-34935?
You are affected if you are using PraisonAI versions 4.5.15 up to, but not including, 4.5.69. Version 4.5.69 and later contain the fix.
How do I fix CVE-2026-34935?
To fix this vulnerability, upgrade your PraisonAI installation to version 4.5.69 or later. This version includes a patch that mitigates the command injection risk.
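To answer the "Am I affected?" question across an environment and its pinned requirements, the following added example (not part of the advisory or of PraisonAI) flags any praisonai version in the range 4.5.15 up to, but not including, 4.5.69. It assumes the distribution name matches the component name given above, checks exact `==` pins only, and ignores pre-release suffixes; the requirements lines are constructed sample data.

```python
import re
from importlib import metadata

FIRST_AFFECTED = (4, 5, 15)  # first affected version, from the advisory
FIXED_IN = (4, 5, 69)        # first fixed version, from the advisory
# Matches exact pins such as "PraisonAI[ui]==4.5.20"; ranges are not evaluated.
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def parse_version(text):
    """Leading numeric release as a tuple: '4.5.20rc1' -> (4, 5, 20)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "4.5" to (4, 5, 0)

def is_affected(version):
    """True when 4.5.15 <= version < 4.5.69."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_IN

def scan_requirements(lines):
    """Return (line_number, version) for each affected praisonai pin."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = PIN.match(line)
        # Normalise the name the way pip does, so "PraisonAI" also matches.
        if m and re.sub(r"[-_.]+", "-", m.group(1)).lower() == "praisonai":
            if is_affected(m.group(2)):
                hits.append((number, m.group(2)))
    return hits

def installed_status():
    """(version, affected) for the current environment, or None if absent."""
    try:
        version = metadata.version("praisonai")
    except metadata.PackageNotFoundError:
        return None
    return version, is_affected(version)

# Constructed sample requirements file; "praisonai-extras" is a made-up name.
SAMPLE = ["requests==2.32.3", "PraisonAI[ui]==4.5.20  # pinned",
          "praisonai==4.5.69", "praisonai-extras==4.5.20", "praisonai==4.5.14"]

if __name__ == "__main__":
    print("installed:", installed_status())
    for number, version in scan_requirements(SAMPLE):
        print(f"line {number}: praisonai {version} is affected, upgrade to 4.5.69+")
```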