Platform: python
Component: praisonaiagents
Fixed in: 1.5.91, 1.5.90
CVE-2026-34937 describes an OS command injection vulnerability within the praisonaiagents library, specifically in the run_python() function. This flaw allows an attacker to execute arbitrary operating system commands due to insufficient escaping of user-supplied code. The vulnerability impacts versions of praisonaiagents prior to 1.5.90, and a patch has been released to address the issue.
The vulnerability lies in how run_python() constructs and executes shell commands. It interpolates user-provided code into a python3 -c "<code>" command and then passes it to subprocess.run(..., shell=True). Critically, the escaping logic only handles backslashes (\) and double quotes ("), failing to properly escape $() and backtick substitutions. This omission allows an attacker to inject arbitrary shell commands that will be executed with the privileges of the praisonaiagents process. A successful exploit could lead to complete system compromise, data exfiltration, or denial of service. The potential blast radius depends on the permissions granted to the praisonaiagents process and the environment it operates within.
This vulnerability was publicly disclosed on 2026-04-01. The lack of robust escaping in run_python() mirrors patterns seen in other command injection vulnerabilities. There is currently no indication of active exploitation campaigns targeting this specific CVE, but the ease of exploitation makes it a potential target. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. No public proof-of-concept exploits have been released at the time of writing.
Exploit Status
EPSS: 0.03% (9th percentile)
The primary mitigation is to upgrade to version 1.5.90 or later of praisonaiagents. If upgrading is not immediately feasible, consider implementing temporary workarounds. One approach is to sanitize user-provided code more rigorously before passing it to run_python(), specifically removing or escaping $() and backtick substitutions. Additionally, restrict the permissions of the praisonaiagents process to the minimum necessary to limit the impact of a potential compromise. Consider using a Web Application Firewall (WAF) to filter potentially malicious input. After upgrading, confirm the fix by attempting to inject a simple shell command (e.g., ls -l) through the vulnerable endpoint and verifying that it is not executed.
Update PraisonAI to version 1.5.90 or higher to mitigate the command injection vulnerability. The update fixes the issue by correctly escaping $() and backtick substitutions in the shell command construction.
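As an added illustration of the mechanism described above and of the fix direction, the following is not code from the praisonaiagents project: it reconstructs the escaping pattern the advisory describes (backslashes and double quotes only, result interpolated into a python3 -c "..." shell string) and places it beside two forms that do not hand the code to a shell for expansion. The names escape_like_advisory, build_vulnerable_command, has_unescaped_substitution, build_safe_argv, run_python_safe and SAMPLE_CODE are assumptions of this example, not the library's API. The page states that the fix escapes $() and backtick substitutions; the argv-list form shown here is the standard way of removing that whole class of problem and is a stronger technique than per-character escaping, so it is a generalization, not the project's patch.

```python
import shlex
import subprocess
from typing import List

# Constructed sample input: a harmless line of Python that also carries a
# "$(...)" sequence, the kind of text the advisory says the old escaper passes
# through untouched. It is never executed by this example.
SAMPLE_CODE = 'print("hello $(echo shell-ran)")'

# Markers that a POSIX shell still expands inside double quotes.
SHELL_SUBSTITUTION_MARKERS = ("$(", "`", "${")


def escape_like_advisory(code: str) -> str:
    """Reconstruction (assumption) of the escaping pattern the advisory describes:
    only backslashes and double quotes are escaped."""
    return code.replace("\\", "\\\\").replace('"', '\\"')


def build_vulnerable_command(code: str) -> str:
    """Shell command string of the shape described in the advisory
    (python3 -c "<escaped code>"). Built for inspection only; never run here."""
    return f'python3 -c "{escape_like_advisory(code)}"'


def has_unescaped_substitution(escaped_code: str) -> bool:
    """Defender-side check for text destined for the inside of a double-quoted
    shell argument: does it still contain a substitution marker the shell would
    expand? Use it in a unit test or a code-review linter, not as a sanitizer."""
    return any(marker in escaped_code for marker in SHELL_SUBSTITUTION_MARKERS)


def build_safe_argv(code: str) -> List[str]:
    """Hardened form: the code travels as one argv element and no shell is
    involved, so $(...), backticks and ${...} reach python3 as literal text."""
    return ["python3", "-c", code]


def build_quoted_shell_command(code: str) -> str:
    """If a shell string is unavoidable, shlex.quote single-quotes the argument,
    which disables command substitution and parameter expansion inside it."""
    return f"python3 -c {shlex.quote(code)}"


def run_python_safe(code: str, timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Execute the code with the argv form (shell=False) and a timeout.
    Not called by the example's checks, since python3 may be absent."""
    return subprocess.run(
        build_safe_argv(code),
        capture_output=True,
        text=True,
        timeout=timeout,
        shell=False,
    )


def compare_forms(code: str) -> dict:
    """Summarize, for a given input, whether the advisory-style escaping still
    leaves shell substitution markers and what the safe forms produce."""
    escaped = escape_like_advisory(code)
    return {
        "advisory_style_leaves_substitution": has_unescaped_substitution(escaped),
        "vulnerable_command_string": build_vulnerable_command(code),
        "safe_argv": build_safe_argv(code),
        # shlex.split shows the quoted form round-trips the code as one argument.
        "quoted_form_argv": shlex.split(build_quoted_shell_command(code)),
    }


if __name__ == "__main__":
    for key, value in compare_forms(SAMPLE_CODE).items():
        print(f"{key}: {value!r}")
```

The argv form removes the shell from the path, which is what stops $(), backtick and ${} expansion; it does not change the fact that run_python() executes whatever Python it is given, so the advisory's advice to run the process with minimal permissions still bounds the blast radius. The has_unescaped_substitution check is useful as a regression test against an escaping routine, but stripping or escaping individual markers, as the temporary workaround above suggests, is more fragile than not invoking a shell at all.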
CVE-2026-34937 is a HIGH severity OS command injection vulnerability in the praisonaiagents library, allowing attackers to execute arbitrary commands due to insufficient escaping of user-controlled code.
You are affected if you are using praisonaiagents versions less than or equal to 1.5.9. Check your installed version and upgrade immediately if vulnerable.
Upgrade to version 1.5.90 or later of praisonaiagents. If immediate upgrade is not possible, implement stricter input sanitization and restrict process permissions.
There is currently no confirmed active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the praisonaiagents project's official release notes and security advisories for the most up-to-date information.