CVE-2026-34938: PraisonAI Agents RCE Vulnerability (CVSS 10)
Platform: python
Component: praisonai-agents
Fixed in: 1.5.90
CVE-2026-34938 is a critical remote code execution (RCE) vulnerability affecting PraisonAI Agents. This flaw allows an attacker to bypass the sandbox and execute arbitrary OS commands on the host system. This vulnerability affects versions less than or equal to 1.5.90. The issue has been patched in version 1.5.90.
How to fix
Upgrade the PraisonAI Agents library to version 1.5.90 or later to mitigate the sandbox escape vulnerability. This update fixes the issue by preventing unsafe Python code from being executed through manipulation of the `startswith()` method of a `str` subclass.
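The class of flaw named above, shown as an added example that is not PraisonAI's code: a name filter that trusts an object's own `startswith()` next to a hardened form that does not. `Vault`, `LyingStr`, `naive_is_blocked`, `hardened_is_blocked` and `guarded_getattr` are hypothetical names, and the sample values are constructed.

```python
# Added illustration of a str-subclass check bypass and its hardening.
# All names here are hypothetical; this is not the PraisonAI Agents source.

class Vault:
    """Constructed sample object with one private and one public attribute."""
    _token = "constructed-secret"
    label = "public"


class LyingStr(str):
    """Constructed str subclass whose startswith() always answers False."""
    def startswith(self, *args, **kwargs):
        return False


def naive_is_blocked(name):
    # Weak check: dispatches to whatever startswith() the object defines,
    # so a str subclass created by sandboxed code controls the verdict.
    # isinstance(name, str) would not help: it is True for subclasses too.
    return name.startswith("_")


def hardened_is_blocked(name):
    # Trust only the exact built-in str type; refuse subclasses outright.
    if type(name) is not str:
        return True
    # Call the built-in implementation explicitly, never the instance's.
    return str.startswith(name, "_")


def guarded_getattr(obj, name, is_blocked):
    """Sandbox-style attribute access gated by the supplied name filter."""
    if is_blocked(name):
        raise PermissionError("access to %r denied" % str(name))
    return getattr(obj, name)


if __name__ == "__main__":
    for check in (naive_is_blocked, hardened_is_blocked):
        try:
            result = guarded_getattr(Vault(), LyingStr("_token"), check)
        except PermissionError as exc:
            result = "blocked: %s" % exc
        print(check.__name__, "->", result)
```
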
Frequently asked questions
What is CVE-2026-34938?
CVE-2026-34938 is a critical remote code execution (RCE) vulnerability in PraisonAI Agents that allows attackers to execute arbitrary commands on the host system by bypassing the sandbox.
Am I affected by CVE-2026-34938?
You are affected by CVE-2026-34938 if you are using PraisonAI Agents version 1.5.90 or earlier. This vulnerability allows for remote code execution.
How do I fix CVE-2026-34938?
To fix CVE-2026-34938, upgrade your PraisonAI Agents installation to version 1.5.90 or later. This version contains a patch that addresses the vulnerability.