CVE 9.7 CRITICAL

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) in praisonai_CVE-2026-40088

April 12, 2026 invoker category_cve

9.7 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121.

AI Analysis

OS Command Injection vulnerability in PraisonAI due to improper neutralization of special elements used in an OS command, allowing attackers to inject arbitrary shell commands.

Basic Information

ID CVE-2026-40088

Source GitHub_M

Published Apr 9, 2026 at 19:45

Modified Apr 9, 2026 at 20:14

Affected Product

Vendor MervinPraison

Product PraisonAI

Version < 4.5.121

Affected Versions MervinPraison PraisonAI < 4.5.121

CWE Classification

CWE-78

AI Assessment

AI Score 9.7 / 10

AI Severity Critical

Vendor MervinPraison

Product PraisonAI

Version < 4.5.121

References

{
    "lastseen": "",
    "description": "PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121.",
    "published": "2026-04-09T19:45:13.203Z",
    "modified": "2026-04-09T20:14:56.938Z",
    "type": "cve",
    "title": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai",
    "source": "GitHub_M",
    "references": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2763-cj5r-c79m\nhttps://github.com/MervinPraison/PraisonAI/releases/tag/v4.5.121",
    "id": "CVE-2026-40088",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "MervinPraison PraisonAI < 4.5.121",
    "sourceHref": "",
    "cvss": {
        "score": 9.7,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PraisonAI",
    "version": "< 4.5.121",
    "vendor": "MervinPraison",
    "ai_description": "OS Command Injection vulnerability in PraisonAI due to improper neutralization of special elements used in an OS command, allowing attackers to inject arbitrary shell commands.",
    "ai_severity": "Critical",
    "ai_vendor": "MervinPraison",
    "ai_product": "PraisonAI",
    "ai_version": "< 4.5.121",
    "ai_score": 9.7
}

💭 Join the Security Discussion ❌ Cancel Reply