CRITICAL🇵🇱 Wersja polska

CVE-2026-41497

CVSS 9.8v3.1pub. 2026-05-08

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. This issue has been patched in version 4.6.9.

🤖 AI Analysis
How it works

The parse_mcp_command() function responsible for handling MCP (Multi-agent Command Protocol) commands does not implement an allowlist of commands or validation of passed arguments. An attacker can therefore pass any executable file — including bash, python or /bin/sh — along with flags enabling inline code execution. Such a prepared command is then directly passed to subprocess execution and executed in the operating system context.

Impact

An unauthenticated remote attacker can gain full control over the system — execute arbitrary code, read or modify data, and cause service unavailability (RCE with full C/I/A triad).

Mitigation & patch

Update PraisonAI to version 4.6.9 or later, which includes a patch removing the vulnerability (commit 47bff65413beaa3c21bf633c1fae4e684348368c). Details available in the vendor's references (GitHub Security Advisory GHSA-9qhq-v63v-fv3j).

Who is affected

PraisonAI (Praison Praisonai) in versions earlier than 4.6.9

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Praison Praisonai

    APP
    Praison
    < 4.6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2026-44336CRITICAL9.4PL ✓ten sam produkt

Path Traversal i RCE w PraisonAI MCP Server (serwer narzędzi plikowych)

CVE-2026-40288CRITICAL9.8PL ✓ten sam produkt

PraisonAI — RCE i command injection przez niezaufowane pliki YAML

CVE-2026-40313CRITICAL9.1PL ✓ten sam produkt

PraisonAI – wyciek tokenów GitHub przez atak ArtiPACKED w CI/CD

CVE-2026-40289CRITICAL9.1PL ✓ten sam produkt

PraisonAI – nieuwierzytelnione przejęcie sesji przeglądarki przez WebSocket

CVE-2026-40157CRITICAL9.4PL ✓ten sam produkt

Path traversal w PraisonAI — nadpisywanie plików przez złośliwy pakiet .praison