Platform: python
Component: praisonaiagents
Fixed in: 4.5.140, 1.5.141, 1.5.140
CVE-2026-40288 is a critical Remote Code Execution (RCE) vulnerability discovered in praisonaiagents, impacting versions up to 1.5.99. This vulnerability arises from the insecure handling of untrusted YAML files during workflow execution, allowing attackers to execute arbitrary commands on the host system. A fix is available in version 1.5.140, and users are strongly advised to upgrade immediately.
The vulnerability lies within the praisonai workflow run <file.yaml> command, which loads and processes YAML files to define and execute workflows. Specifically, the JobWorkflowExecutor in job_workflow.py is susceptible to exploitation. A workflow with type: job exposes three distinct attack vectors: the run: key executes shell commands via subprocess.run(), the script: key executes inline Python code via exec(), and the python: key executes arbitrary Python scripts. A carefully crafted YAML file can leverage any of these options to achieve remote code execution, effectively granting an attacker complete control over the affected system. This represents a significant security risk, potentially leading to data breaches, system compromise, and further lateral movement within the network.
Public proof-of-concept (PoC) code is available, demonstrating the ease of exploitation. The vulnerability's simplicity and the availability of a PoC suggest a high probability of exploitation. While no confirmed active campaigns have been publicly reported as of the publication date, the critical severity and ease of exploitation make it a likely target. This CVE was published on 2026-04-10.
Exploit Status
EPSS: 0.09% (25% percentile)
The primary mitigation for CVE-2026-40288 is to upgrade praisonaiagents to version 1.5.140 or later, which contains the necessary fix. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restrict access to the praisonai workflow run command to trusted users only. Implement input validation to sanitize YAML files before processing, although this is complex and may not be fully effective. Consider using a Web Application Firewall (WAF) or proxy to filter potentially malicious YAML payloads. Monitor system logs for suspicious activity related to workflow execution, particularly commands executed by subprocess.run() or exec(). After upgrading, confirm the fix by attempting to execute a known malicious YAML file (in a controlled environment) and verifying that it is blocked.
Update PraisonAI to version 4.5.139 or higher, and praisonaiagents to version 1.5.140 or higher. These versions address the vulnerability by validating and restricting the execution of arbitrary commands through workflow YAML files.
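An added example, not code from praisonaiagents or from this advisory: a pre-run audit that walks a parsed workflow document and reports every run:, script: or python: key, the three execution vectors named above, as one form of the input-validation workaround. The function names and the steps layout of the sample are assumptions; the walker does not depend on a schema, and audit_file assumes PyYAML is installed.

```python
from typing import Any, Iterator

# Step keys the advisory names as execution vectors in `type: job` workflows.
EXEC_KEYS = {
    "run": "shell command via subprocess.run()",
    "script": "inline Python via exec()",
    "python": "arbitrary Python script",
}

def _walk(node: Any, path: str = "") -> Iterator[tuple]:
    """Yield (path, key, value) for every mapping entry at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else str(key)
            yield here, key, value
            yield from _walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def audit_workflow(doc: Any) -> list:
    """Report every execution key found in a parsed workflow document."""
    entries = list(_walk(doc))
    is_job = any(k == "type" and v == "job" for _, k, v in entries)
    return [
        {"path": p, "vector": EXEC_KEYS[k], "job_workflow": is_job,
         "excerpt": str(v).strip()[:80]}
        for p, k, v in entries if k in EXEC_KEYS
    ]

def audit_file(path: str) -> list:
    """Parse a workflow file as plain data only, then audit it."""
    import yaml  # PyYAML (assumed installed); safe_load never builds objects
    with open(path, encoding="utf-8") as fh:
        return audit_workflow(yaml.safe_load(fh))

# Constructed sample; the `steps` layout is an assumption, not the real schema.
SAMPLE = {
    "type": "job",
    "steps": [
        {"name": "build", "run": "echo hello"},
        {"name": "report", "script": "print('done')"},
        {"name": "notify", "action": "log"},
    ],
}

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

Treat any finding as a reason to refuse the run or require review of the file until the upgrade is in place; an empty result only means none of the three keys is present.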
CVE-2026-40288 is a critical Remote Code Execution vulnerability in praisonaiagents versions up to 1.5.99, allowing attackers to execute arbitrary commands through malicious YAML files.
Yes, if you are using praisonaiagents version 1.5.99 or earlier, you are vulnerable to this RCE vulnerability.
Upgrade praisonaiagents to version 1.5.140 or later to address this vulnerability. Implement temporary workarounds if immediate upgrade is not possible.
While no confirmed active campaigns are publicly reported, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the praisonaiagents project's official release notes and security advisories for detailed information and updates regarding CVE-2026-40288.