Platform
python
Component
praisonaiagents
Fixed in
1.5.91
1.5.90
CVE-2026-34938 is a critical remote code execution (RCE) vulnerability affecting PraisonAI Agents. This flaw allows an attacker to bypass the sandbox and execute arbitrary OS commands on the host system. This vulnerability affects versions less than or equal to 1.5.90. The issue has been patched in version 1.5.90.
CVE-2026-34938 affects PraisonAI, specifically the executecode() function within praisonai-agents. This vulnerability allows an attacker to execute arbitrary operating system code, bypassing the implemented security layers. The issue lies in how safe_getattr handles str objects that are subclasses with an overridden startswith() method. By providing such an object, the attacker can circumvent the protections and execute operating system commands with the PraisonAI process's privileges. The CVSS severity score is rated at 10.0, indicating a critical risk. Affected versions are prior to 1.5.90. Successful exploitation of this vulnerability could result in complete system compromise.
The vulnerability is exploited by passing a custom str class to the executecode() function. This custom class overrides the startswith() method. When safegetattr is called with this object, the security check is bypassed, allowing arbitrary code execution. The attacker needs the ability to influence the arguments passed to executecode(). This could be achieved through user input manipulation or malicious code injection into the PraisonAI environment. The exploitation complexity is relatively low, as it does not require specialized skills or tools.
Exploit Status
EPSS
0.13% (33% percentile)
CISA SSVC
CVSS Vector
The solution to mitigate CVE-2026-34938 is to update PraisonAI to version 1.5.90 or higher. This version includes a fix that addresses the vulnerability by correctly validating the object type passed to the safegetattr function. In the meantime, as a temporary measure, restrict access to the executecode() function to trusted users and processes. It is also advisable to review and audit any code that utilizes executecode() to identify potential attack entry points. Implementing a principle of least privilege for accounts running PraisonAI can help limit the impact in case of successful exploitation.
Actualice la biblioteca PraisonAI Agents a la versión 1.5.90 o superior para mitigar la vulnerabilidad de escape de la sandbox. Esta actualización corrige el problema al evitar que se ejecute código Python no seguro a través de la manipulación del método `startswith()` de una subclase `str`.
Vulnerability analysis and critical alerts directly to your inbox.
PraisonAI is an AI platform that uses agents to automate tasks. The vulnerability affects a specific component of this platform.
CVSS 10.0 indicates the highest level of severity, meaning the vulnerability poses a critical security risk.
Check the version of PraisonAI you are using. If it is prior to 1.5.90, you are potentially affected.
Restrict access to the execute_code() function and audit its usage to identify potential attack entry points.
An attacker can execute any operating system command with the privileges of the PraisonAI process.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.