Platform: python
Component: praisonai
Fixed in: 4.5.122, 4.5.121
CVE-2026-40088 is a critical Command Injection vulnerability affecting PraisonAI versions up to 4.5.98. This vulnerability allows attackers to execute arbitrary shell commands by injecting malicious input into workflow definitions, agent configurations, and LLM-generated tool calls. The vulnerability stems from the insecure use of subprocess.run() with shell=True. A patch is available in version 4.5.121.
The impact of CVE-2026-40088 is severe, enabling an attacker to gain complete control over the system running PraisonAI. Successful exploitation allows for arbitrary code execution with the privileges of the PraisonAI process. This could lead to data exfiltration, system compromise, and potentially lateral movement within the network. The vulnerability's exposure through multiple input vectors (YAML, agent configs, LLM calls) increases the attack surface and potential for exploitation. The use of shell=True directly exposes the system to command injection, similar to vulnerabilities seen in other applications that mishandle user input in shell commands.
CVE-2026-40088 was publicly disclosed on 2026-04-08. The vulnerability's severity and ease of exploitation suggest a medium to high probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. It is not currently listed on CISA KEV.
Organizations heavily reliant on PraisonAI for automation and AI workflows are particularly at risk. Environments where agent configurations are managed through YAML files and LLMs are used to generate tool calls are especially vulnerable. Shared hosting environments where multiple users share the same PraisonAI instance are also at increased risk.
• python: Monitor PraisonAI logs for suspicious shell commands or process executions. Look for instances of subprocess.run() being called with shell=True and user-controlled input.

```python
import re

# Example: check PraisonAI logs for suspicious commands.
# The log path and the 'user_input' marker are placeholders for your own logging setup.
SHELL_CALL = re.compile(r'subprocess\.run\(.*shell=True')

with open('praisonai.log', 'r') as f:
    for line in f:
        if SHELL_CALL.search(line) and re.search(r'user_input', line):
            print(f'Potential command injection: {line.rstrip()}')
```

• linux / server: Use journalctl to filter for PraisonAI process executions and examine the command-line arguments for suspicious shell metacharacters.

```bash
journalctl -u praisonai --grep='subprocess\.run\(.*shell=True'
```

• generic web: Examine access and error logs for requests containing suspicious shell metacharacters in parameters or headers.
disclosure
Exploit status
EPSS: 0.06% (percentile 17%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-40088 is to upgrade PraisonAI to version 4.5.121 or later. If upgrading immediately is not possible, consider implementing temporary workarounds. Strict input validation and sanitization of all user-controlled data within workflow definitions, agent configurations, and LLM-generated tool calls is crucial. Disable or restrict the use of LLM-generated tool calls if possible. Consider using a Web Application Firewall (WAF) with command injection rules to filter malicious input. Monitor system logs for suspicious shell activity and unusual process executions.
Upgrade PraisonAI to version 4.5.121 or later to mitigate the command injection vulnerability. This update corrects how user-controlled input is handled in the `execute_command` functions and in shell execution within workflows, preventing the injection of arbitrary commands.
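The temporary workaround of strict input validation described above can be sketched as a gate placed in front of any command string taken from a workflow definition, agent configuration or LLM tool call. This is an added example, not PraisonAI's code or its patch; the function names, the allowlist contents and the metacharacter set are assumptions chosen for illustration.

```python
import shlex
import subprocess

# Assumption: the set of programs a workflow step or tool call may run.
ALLOWED_PROGRAMS = {"ls", "cat", "echo", "git"}

# Characters the shell interprets; none is needed once shell=False is used.
SHELL_METACHARS = set(";&|`$<>(){}\\\n\r*?~!#")


class CommandRejected(ValueError):
    """Raised when an untrusted command string fails validation."""


def to_safe_argv(command: str, allowed=ALLOWED_PROGRAMS) -> list[str]:
    """Turn an untrusted command string into an argv list, or raise."""
    bad = SHELL_METACHARS.intersection(command)
    if bad:
        raise CommandRejected(f"shell metacharacters not allowed: {sorted(bad)}")
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise CommandRejected(f"unparseable command: {exc}") from exc
    if not argv:
        raise CommandRejected("empty command")
    # Bare names only: a path such as ./ls or /tmp/ls would bypass the allowlist.
    if argv[0] not in allowed:
        raise CommandRejected(f"program not in allowlist: {argv[0]!r}")
    return argv


def run_untrusted(command: str, timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Validate, then execute without a shell so arguments stay literal."""
    argv = to_safe_argv(command)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=timeout, check=False)


if __name__ == "__main__":
    # Constructed inputs standing in for YAML steps or LLM tool-call arguments.
    for candidate in ["echo hello", "ls -l; id", "cat $(whoami)", "python -c pass"]:
        try:
            print("ok      ", to_safe_argv(candidate))
        except CommandRejected as err:
            print("rejected", repr(candidate), "->", err)
```

The gate does not inspect the arguments passed to an allowed program, so keep the allowlist to programs whose options cannot themselves run code; upgrading remains the actual fix.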
CVE-2026-40088 is a critical vulnerability in PraisonAI allowing attackers to inject shell commands via YAML, agent configs, and LLM calls, potentially leading to system compromise.
You are affected if you are using PraisonAI versions 4.5.98 or earlier. Upgrade to 4.5.121 or later to mitigate the risk.
Upgrade PraisonAI to version 4.5.121 or later. As a temporary workaround, implement strict input validation and sanitization of user-controlled data.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation.
Refer to the PraisonAI security advisory for detailed information and updates regarding CVE-2026-40088.