プラットフォーム
python
コンポーネント
praisonaiagents
修正版
1.5.91
1.5.90
CVE-2026-34937 describes an OS command injection vulnerability within the praisonaiagents library, specifically in the run_python() function. This flaw allows an attacker to execute arbitrary operating system commands due to insufficient escaping of user-supplied code. The vulnerability impacts versions of praisonaiagents prior to 1.5.90, and a patch has been released to address the issue.
The vulnerability lies in how run_python() constructs and executes shell commands. It interpolates user-provided code into a python3 -c "<code>" command and then passes it to subprocess.run(..., shell=True). Critically, the escaping logic only handles backslashes (\) and double quotes ("), failing to properly escape $() and backtick substitutions. This omission allows an attacker to inject arbitrary shell commands that will be executed with the privileges of the praisonaiagents process. A successful exploit could lead to complete system compromise, data exfiltration, or denial of service. The potential blast radius depends on the permissions granted to the praisonaiagents process and the environment it operates within.
This vulnerability was publicly disclosed on 2026-04-01. The lack of robust escaping in run_python() mirrors patterns seen in other command injection vulnerabilities. There is currently no indication of active exploitation campaigns targeting this specific CVE, but the ease of exploitation makes it a potential target. The vulnerability has been added to the CISA KEV catalog, indicating a medium probability of exploitation. No public proof-of-concept exploits have been released at the time of writing.
Systems utilizing praisonaiagents in automated workflows or integrations where user input is processed and passed to the run_python() function are particularly at risk. Environments with limited input validation or sanitization practices are also highly vulnerable. Shared hosting environments where multiple users share the same server instance could be affected if one user's input compromises the entire system.
• python / supply-chain:
import subprocess
import os
def check_praisonaiagents_version():
try:
import praisonaiagents
version = praisonaiagents.__version__
if version <= '1.5.9':
print(f"Vulnerability detected: praisonaiagents version {version} is vulnerable.")
else:
print(f"praisonaiagents version {version} is patched.")
except ImportError:
print("praisonaiagents is not installed.")
check_praisonaiagents_version()• linux / server:
ps aux | grep -q 'python3 -c' && echo "Potential command injection vulnerability detected. Investigate praisonaiagents process." || echo "No suspicious praisonaiagents processes found."• generic web:
Use curl or wget to test endpoints that utilize run_python() with crafted payloads containing $() or backticks to attempt command execution. Examine response headers and content for signs of command execution.
disclosure
patch
エクスプロイト状況
EPSS
0.03% (9% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation is to upgrade to version 1.5.90 or later of praisonaiagents. If upgrading is not immediately feasible, consider implementing temporary workarounds. One approach is to sanitize user-provided code more rigorously before passing it to run_python(), specifically removing or escaping $() and backtick substitutions. Additionally, restrict the permissions of the praisonaiagents process to the minimum necessary to limit the impact of a potential compromise. Consider using a Web Application Firewall (WAF) to filter potentially malicious input. After upgrading, confirm the fix by attempting to inject a simple shell command (e.g., ls -l) through the vulnerable endpoint and verifying that it is not executed.
Actualice PraisonAI a la versión 1.5.90 o superior para mitigar la vulnerabilidad de inyección de comandos. La actualización corrige el problema al escapar correctamente las sustituciones $() y backtick en la construcción de comandos del shell.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2026-34937 is a HIGH severity OS command injection vulnerability in the praisonaiagents library, allowing attackers to execute arbitrary commands due to insufficient escaping of user-controlled code.
You are affected if you are using praisonaiagents versions less than or equal to 1.5.9. Check your installed version and upgrade immediately if vulnerable.
Upgrade to version 1.5.90 or later of praisonaiagents. If immediate upgrade is not possible, implement stricter input sanitization and restrict process permissions.
There is currently no confirmed active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the praisonaiagents project's official release notes and security advisories for the most up-to-date information.
依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。
requirements.txt ファイルをアップロードすると、影響の有無を即座にお知らせします。