CVE-2026-34955: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MervinPraison PraisonAI
CVE-2026-34955 is a high-severity OS command injection vulnerability in MervinPraison's PraisonAI versions prior to 4. 5. 97. The vulnerability arises because the SubprocessSandbox component uses subprocess. run() with shell=True and relies on a blocklist that fails to include sh or bash as standalone executables. This allows an attacker to escape the sandbox in STRICT mode by invoking sh -c '<command>'. The issue has been patched in version 4. 5. 97.
AI Analysis
Technical Summary
PraisonAI is a multi-agent teams system. Before version 4.5.97, its SubprocessSandbox component in all modes (BASIC, STRICT, NETWORK_ISOLATED) executes subprocess.run() with shell=True and attempts to block dangerous commands using string-pattern matching. However, the blocklist does not include the shell executables sh or bash, enabling trivial sandbox escape in STRICT mode by running sh -c '<command>'. This improper neutralization of special elements leads to OS command injection (CWE-78). The vulnerability has been addressed in version 4.5.97.
Potential Impact
Successful exploitation allows an attacker with low privileges to execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The attacker can escape sandbox restrictions, potentially leading to full system compromise. The CVSS v3.1 score is 8.8 (High), reflecting local attack vector, low attack complexity, low privileges required, no user interaction, and complete compromise of confidentiality, integrity, and availability.
Mitigation Recommendations
A fix is available in PraisonAI version 4.5.97. Users should upgrade to this version or later to remediate the vulnerability. No other mitigation guidance is provided or necessary given the availability of the official patch.
CVE-2026-34955: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MervinPraison PraisonAI
Description
CVE-2026-34955 is a high-severity OS command injection vulnerability in MervinPraison's PraisonAI versions prior to 4. 5. 97. The vulnerability arises because the SubprocessSandbox component uses subprocess. run() with shell=True and relies on a blocklist that fails to include sh or bash as standalone executables. This allows an attacker to escape the sandbox in STRICT mode by invoking sh -c '<command>'. The issue has been patched in version 4. 5. 97.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PraisonAI is a multi-agent teams system. Before version 4.5.97, its SubprocessSandbox component in all modes (BASIC, STRICT, NETWORK_ISOLATED) executes subprocess.run() with shell=True and attempts to block dangerous commands using string-pattern matching. However, the blocklist does not include the shell executables sh or bash, enabling trivial sandbox escape in STRICT mode by running sh -c '<command>'. This improper neutralization of special elements leads to OS command injection (CWE-78). The vulnerability has been addressed in version 4.5.97.
Potential Impact
Successful exploitation allows an attacker with low privileges to execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The attacker can escape sandbox restrictions, potentially leading to full system compromise. The CVSS v3.1 score is 8.8 (High), reflecting local attack vector, low attack complexity, low privileges required, no user interaction, and complete compromise of confidentiality, integrity, and availability.
Mitigation Recommendations
A fix is available in PraisonAI version 4.5.97. Users should upgrade to this version or later to remediate the vulnerability. No other mitigation guidance is provided or necessary given the availability of the official patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-31T17:27:08.662Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d04d960a160ebd926594f3
Added to database: 4/3/2026, 11:30:30 PM
Last enriched: 4/3/2026, 11:45:25 PM
Last updated: 4/4/2026, 2:44:14 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.