Platform
python
Component
praisonai
Fixed in
4.5.122
4.5.121
CVE-2026-40088 is a critical Command Injection vulnerability affecting PraisonAI versions up to 4.5.98. This vulnerability allows attackers to execute arbitrary shell commands by injecting malicious input into workflow definitions, agent configurations, and LLM-generated tool calls. The vulnerability stems from the insecure use of subprocess.run() with shell=True. A patch is available in version 4.5.121.
The impact of CVE-2026-40088 is severe, enabling an attacker to gain complete control over the system running PraisonAI. Successful exploitation allows for arbitrary code execution with the privileges of the PraisonAI process. This could lead to data exfiltration, system compromise, and potentially lateral movement within the network. The vulnerability's exposure through multiple input vectors (YAML, agent configs, LLM calls) increases the attack surface and potential for exploitation. The use of shell=True directly exposes the system to command injection, similar to vulnerabilities seen in other applications that mishandle user input in shell commands.
CVE-2026-40088 was publicly disclosed on 2026-04-08. The vulnerability's severity and ease of exploitation suggest a medium to high probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. It is not currently listed on CISA KEV.
Exploit Status
EPSS
0.06% (17% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-40088 is to upgrade PraisonAI to version 4.5.121 or later. If upgrading immediately is not possible, consider implementing temporary workarounds. Strict input validation and sanitization of all user-controlled data within workflow definitions, agent configurations, and LLM-generated tool calls is crucial. Disable or restrict the use of LLM-generated tool calls if possible. Consider using a Web Application Firewall (WAF) with command injection rules to filter malicious input. Monitor system logs for suspicious shell activity and unusual process executions.
Update PraisonAI to version 4.5.121 or higher to mitigate the command injection vulnerability. This update corrects how user-controlled input is handled in the `execute_command` functions and workflow shell execution, preventing arbitrary command injection.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-40088 is a critical vulnerability in PraisonAI allowing attackers to inject shell commands via YAML, agent configs, and LLM calls, potentially leading to system compromise.
You are affected if you are using PraisonAI versions 4.5.98 or earlier. Upgrade to 4.5.121 or later to mitigate the risk.
Upgrade PraisonAI to version 4.5.121 or later. As a temporary workaround, implement strict input validation and sanitization of user-controlled data.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation.
Refer to the PraisonAI security advisory for detailed information and updates regarding CVE-2026-40088.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.