CVE-2026-40113: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in MervinPraison PraisonAI
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.
AI Analysis
Technical Summary
PraisonAI versions before 4.5.128 contain an argument injection vulnerability (CWE-88) in the deploy.py script. The script builds a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly inserting the values of openai_model, openai_key, and openai_base without sanitizing commas. Because gcloud interprets commas as separators for environment variable definitions, a comma in any of these values causes the trailing text to be parsed as additional environment variables, enabling injection of arbitrary environment variables into the Cloud Run deployment. This flaw allows an attacker with local privileges to influence environment variables in the deployed service, potentially leading to confidentiality and integrity impacts. The issue is resolved in PraisonAI version 4.5.128.
Potential Impact
An attacker with the ability to influence the openai_model, openai_key, or openai_base values used during deployment can inject arbitrary environment variables into the Cloud Run service. This can lead to compromise of confidentiality and integrity of the deployed service environment. The CVSS 3.1 score is 8.4 (high), reflecting local attack vector with low complexity, no user interaction, and scope change with high confidentiality and integrity impact but no availability impact.
Mitigation Recommendations
Upgrade PraisonAI to version 4.5.128 or later, where this vulnerability is fixed; the fix is confirmed in that release. Prior versions do not reject commas in the environment variable values they pass to gcloud during deployment, which is what enables the injection. No other mitigations are specified.
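The following added example (not PraisonAI's deploy.py) models the flaw described above in Python: a builder that interpolates the three values unchecked, a simplified model of how gcloud splits `--set-env-vars` on commas, and a hardened builder that refuses any value containing the delimiter. The environment variable names and the sample values are constructed for the example; the advisory does not name the keys deploy.py uses.

```python
from typing import Dict, List

# Constructed env-var names; the advisory does not name the keys deploy.py uses.
ENV_KEYS = ("OPENAI_MODEL", "OPENAI_API_KEY", "OPENAI_API_BASE")


def build_env_arg_unsafe(openai_model: str, openai_key: str, openai_base: str) -> str:
    """Models the pre-4.5.128 construction: values are interpolated as-is."""
    values = (openai_model, openai_key, openai_base)
    return ",".join(f"{k}={v}" for k, v in zip(ENV_KEYS, values))


def parse_set_env_vars(arg: str) -> Dict[str, str]:
    """Simplified model of gcloud's --set-env-vars parsing: ',' separates
    KEY=VALUE pairs and the first '=' in each pair separates key from value."""
    env: Dict[str, str] = {}
    for pair in arg.split(","):
        key, _, value = pair.partition("=")
        env[key] = value
    return env


def find_delimiter_injection(values: Dict[str, str]) -> List[str]:
    """Return the names of any values gcloud would split into extra pairs."""
    return [name for name, value in values.items() if "," in value]


def build_env_arg_safe(openai_model: str, openai_key: str, openai_base: str) -> str:
    """Hardened construction: refuse to build the argument if any value
    contains the pair delimiter, so no extra KEY=VALUE can be smuggled in."""
    values = dict(zip(ENV_KEYS, (openai_model, openai_key, openai_base)))
    bad = find_delimiter_injection(values)
    if bad:
        raise ValueError(f"comma not allowed in env values: {' '.join(bad)}")
    return ",".join(f"{k}={v}" for k, v in values.items())


if __name__ == "__main__":
    # Constructed input: a base URL carrying a trailing KEY=VALUE after a comma.
    tainted_base = "https://api.example.com/v1,EXTRA_VAR=demo"
    arg = build_env_arg_unsafe("gpt-4o", "sk-constructed", tainted_base)
    print(parse_set_env_vars(arg))  # four variables reach the service, not three
    try:
        build_env_arg_safe("gpt-4o", "sk-constructed", tainted_base)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting the value is the simplest fix; gcloud also documents an alternate-delimiter prefix (`gcloud topic escaping`, e.g. `--set-env-vars "^@^K1=a,b@K2=c"`) that lets the caller choose a separator the values cannot contain.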
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-09T01:41:38.537Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69d843751cc7ad14da3fb562
Added to database: 4/10/2026, 12:25:25 AM
Last enriched: 4/10/2026, 12:38:10 AM
Last updated: 4/10/2026, 8:40:34 AM