CVE 9.8 CRITICAL

Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI_CVE-2026-41497

May 8, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. This issue has been patched in version 4.6.9.

AI Analysis

Command Injection vulnerability in PraisonAI due to incomplete fix for CVE-2026-34935, allowing arbitrary executables to pass through to subprocess execution

Basic Information

ID CVE-2026-41497

Source GitHub_M

Published May 8, 2026 at 13:23

Affected Product

Vendor MervinPraison

Product PraisonAI

Version < 4.6.9

Affected Versions MervinPraison PraisonAI < 4.6.9

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor MervinPraison

Product PraisonAI

Version < 4.6.9

References

{
    "lastseen": "",
    "description": "PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. This issue has been patched in version 4.6.9.",
    "published": "2026-05-08T13:23:36.294Z",
    "modified": "2026-05-08T13:23:36.294Z",
    "type": "cve",
    "title": "Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI",
    "source": "GitHub_M",
    "references": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9qhq-v63v-fv3j\nhttps://github.com/MervinPraison/PraisonAI/commit/47bff65413beaa3c21bf633c1fae4e684348368c",
    "id": "CVE-2026-41497",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "MervinPraison PraisonAI < 4.6.9",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PraisonAI",
    "version": "< 4.6.9",
    "vendor": "MervinPraison",
    "ai_description": "Command Injection vulnerability in PraisonAI due to incomplete fix for CVE-2026-34935, allowing arbitrary executables to pass through to subprocess execution",
    "ai_severity": "Critical",
    "ai_vendor": "MervinPraison",
    "ai_product": "PraisonAI",
    "ai_version": "< 4.6.9",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply