CRITICAL🇵🇱 Wersja polska

CVE-2026-34938

CVSS 10.0v3.1pub. 2026-04-03upd. 2026-04-14

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr wrapper, achieving arbitrary OS command execution on the host. This issue has been patched in version 1.5.90.

🤖 AI Analysis
How it works

The execute_code() function runs user-submitted Python code inside a three-layer sandbox. The protection mechanism relies on a helper method _safe_getattr, which validates object attributes using the startswith() method. An attacker can pass a subclass of the str type with an overridden startswith() method, causing the security check to return a false positive, allowing attacker-controlled Python code to execute outside the sandbox, leading to arbitrary system command execution on the host.

Impact

Attacker gains the ability to execute arbitrary system commands on the host (RCE) with full control over confidentiality, integrity, and availability of the system. The flaw can lead to complete server takeover, data leakage, and further lateral movement in the infrastructure.

Mitigation & patch

Update the praisonai-agents package to version 1.5.90 or later, in which the vulnerability has been removed. The patch is available in the vendor's repository on GitHub.

Who is affected

PraisonAI (praisonai-agents package) in all versions prior to 1.5.90.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Praison Praisonaiagents

    APP
    Praison
    < 1.5.90
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-40289CRITICAL9.1PL ✓ten sam produkt

PraisonAI – nieuwierzytelnione przejęcie sesji przeglądarki przez WebSocket

CVE-2026-40288CRITICAL9.8PL ✓ten sam produkt

PraisonAI — RCE i command injection przez niezaufowane pliki YAML

CVE-2026-40111CRITICAL9.3PL ✓ten sam produkt

Command injection w PraisonAIAgents — podatność w obsłudze hooków lifecycle

CVE-2026-41496HIGH8.1ten sam produkt

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, t...

CVE-2026-44335HIGH7.7ten sam produkt

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a lo...