CVE-2026-34955
Severity: CRITICAL | WAF: High
CVSS: 10.0
Published: 2026-04-04
CWE-78 (OS Command Injection)
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone executables, allowing trivial sandbox escape in STRICT mode via sh -c '
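The weak pattern the advisory describes (a substring blocklist in front of `subprocess.run(shell=True)`) next to the hardened pattern a sandbox should use (no shell, argv parsed with `shlex`, an allowlist of executables). This is an added illustration, not PraisonAI's code; the blocklist and allowlist contents are constructed for the example.

```python
"""Weak vs. hardened command gating for a subprocess sandbox (added example)."""
import shlex
import subprocess

# Weak pattern from the advisory: substring blocklist, then shell=True.
# Constructed, shortened blocklist for illustration only.
WEAK_BLOCKLIST = ("rm -rf", "curl", "wget", "nc ")

def weak_gate(cmd: str) -> bool:
    """True if the blocklist would let `cmd` reach subprocess.run(cmd, shell=True).
    An interpreter such as `sh` or `bash` is simply not a listed pattern."""
    return not any(pattern in cmd for pattern in WEAK_BLOCKLIST)

# Hardened pattern: allowlist of bare executable names, no shell at all.
ALLOWED_EXECUTABLES = frozenset({"echo", "ls", "grep", "python3"})  # constructed
SHELL_INTERPRETERS = frozenset({"sh", "bash", "dash", "zsh", "ksh", "busybox"})
SHELL_META = set(";&|<>`$(){}\n")

def hardened_gate(cmd: str) -> tuple[bool, str, list[str]]:
    """Returns (allowed, reason, argv). Anything that would need a shell is refused.
    The metacharacter check runs on the raw string, so even quoted ';' is rejected;
    that is deliberately conservative for a sandbox."""
    if any(ch in SHELL_META for ch in cmd):
        return False, "shell metacharacter present", []
    try:
        argv = shlex.split(cmd)
    except ValueError as exc:
        return False, f"unparseable command: {exc}", []
    if not argv:
        return False, "empty command", []
    exe = argv[0]
    if "/" in exe:
        return False, "executable must be a bare name, not a path", []
    if exe in SHELL_INTERPRETERS:  # redundant with the allowlist, but documents intent
        return False, f"shell interpreter '{exe}' is not allowed", []
    if exe not in ALLOWED_EXECUTABLES:
        return False, f"'{exe}' is not on the allowlist", []
    return True, "ok", argv

def run_sandboxed(cmd: str, timeout: float = 5.0) -> subprocess.CompletedProcess:
    """Runs an allowlisted command with shell=False: argv goes straight to execve."""
    allowed, reason, argv = hardened_gate(cmd)
    if not allowed:
        raise PermissionError(reason)
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=timeout)
```

The allowlist is the real control here; a blocklist can only ever name the interpreters and helpers its author thought of.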
WAF Coverage Analysis
- Attack class: OS Command Injection
- WAF coverage: High
- OWASP: A03:2021 Injection
- Rule group: 932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| praison | praisonai | up to 4.5.97 |
References
- github.com (Exploit, Mitigation, Vendor Advisory)