Platform: python
Component: praisonaiagents
Fixed in: 1.5.116, 1.5.115
CVE-2026-39888 is a critical Remote Code Execution (RCE) vulnerability in praisonaiagents, specifically in the execute_code() function of the pythontools module. The flaw allows attackers to bypass the intended sandbox restrictions and execute arbitrary code on affected systems. It affects praisonaiagents versions up to and including 1.5.99; a fix is available in version 1.5.115.
The root cause is an incomplete attribute blocklist in the subprocess sandbox used by execute_code(). The blocklist is meant to restrict user-provided code, but it blocks only a subset of the attributes that the direct execution path blocks. Specifically, four attributes that enable frame traversal are missing. An attacker can craft code that uses these unblocked attributes to escape the sandbox and run arbitrary commands with the privileges of the praisonaiagents process. Successful exploitation could lead to complete system compromise, data exfiltration, and potentially lateral movement within the network. Because the outcome is arbitrary code execution, this is a high-priority vulnerability to address.
CVE-2026-39888 was publicly disclosed on 2026-04-08. As of this date, there are no known public exploits or active campaigns targeting this vulnerability. The CVSS score of 9.9 (CRITICAL) reflects the severity of the RCE vulnerability. It is recommended to prioritize remediation due to the potential for significant impact. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.09% (26th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-39888 is to immediately upgrade praisonaiagents to version 1.5.115 or later, which includes the corrected blocklist. If upgrading is not immediately feasible, consider implementing temporary workarounds. While a direct WAF rule is unlikely to be effective due to the nature of the code execution, restricting network access to the praisonaiagents service can limit potential attack vectors. Carefully review and audit any user-provided code passed to the execute_code() function, even if it's within a sandbox. After upgrading, verify the fix by attempting to execute code that previously bypassed the sandbox; the updated blocklist should now prevent successful execution.
Upgrade to version 1.5.115 or later to mitigate the vulnerability. This version fixes the issue by adding the required frame-traversal attributes to the subprocess's blocked-attribute list, preventing exposure of the Python interpreter's builtins.
CVE-2026-39888 is a critical Remote Code Execution vulnerability in praisonaiagents versions up to 1.5.99. It allows attackers to bypass sandbox restrictions and execute arbitrary code.
If you are using praisonaiagents version 1.5.99 or earlier, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
Upgrade praisonaiagents to version 1.5.115 or later to remediate the vulnerability. If upgrading is not possible, consider temporary workarounds like restricting network access.
As of the public disclosure date, there are no known active exploits or campaigns targeting CVE-2026-39888, but the critical severity warrants immediate attention.
Refer to the praisonaiagents project's official release notes and security advisories for the most up-to-date information regarding CVE-2026-39888.