CVE-2026-40088
CRITICAL WAF: High
CVSS 9.6
Published: 2026-04-09
CWE-78
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| praison | praisonai | up to 4.5.121 |
References
- github.com (Release Notes)
- github.com (Exploit, Vendor Advisory)