CVE-2026-40088: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MervinPraison PraisonAI
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121.
AI Analysis
Technical Summary
PraisonAI versions before 4.5.121 contain an OS command injection vulnerability (CWE-78) in the execute_command function and workflow shell execution. User inputs through agent workflows, YAML definitions, and LLM-generated tool calls are not properly sanitized, allowing injection of arbitrary shell commands via shell metacharacters. This can lead to complete system compromise. The vulnerability is fixed in version 4.5.121. No known exploits in the wild have been reported.
Potential Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary shell commands on the affected system, resulting in full compromise of confidentiality, integrity, and availability. Given the critical CVSS score of 9.7, the impact is severe, potentially enabling remote code execution and system takeover.
Mitigation Recommendations
Upgrade PraisonAI to version 4.5.121 or later, where this vulnerability is fixed. Since the product is not a cloud service, remediation requires applying this official fix. Patch status is confirmed by the vendor advisory indicating the fix in 4.5.121. No alternative mitigations are specified.
CVE-2026-40088: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in MervinPraison PraisonAI
Description
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PraisonAI versions before 4.5.121 contain an OS command injection vulnerability (CWE-78) in the execute_command function and workflow shell execution. User inputs through agent workflows, YAML definitions, and LLM-generated tool calls are not properly sanitized, allowing injection of arbitrary shell commands via shell metacharacters. This can lead to complete system compromise. The vulnerability is fixed in version 4.5.121. No known exploits in the wild have been reported.
Potential Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary shell commands on the affected system, resulting in full compromise of confidentiality, integrity, and availability. Given the critical CVSS score of 9.7, the impact is severe, potentially enabling remote code execution and system takeover.
Mitigation Recommendations
Upgrade PraisonAI to version 4.5.121 or later, where this vulnerability is fixed. Since the product is not a cloud service, remediation requires applying this official fix. Patch status is confirmed by the vendor advisory indicating the fix in 4.5.121. No alternative mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T00:39:12.206Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d806d21cc7ad14da15a576
Added to database: 4/9/2026, 8:06:42 PM
Last enriched: 4/9/2026, 8:20:59 PM
Last updated: 4/10/2026, 8:15:15 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.