Critical severity9.6NVD Advisory· Published Apr 9, 2026· Updated Apr 16, 2026
CVE-2026-40088
CVE-2026-40088
Description
PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. This vulnerability is fixed in 4.5.121.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PraisonAIPyPI | < 4.5.121 | 4.5.121 |
praisonaiPyPI | < 4.5.121 | 4.5.121 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/MervinPraison/PraisonAI/security/advisories/GHSA-2763-cj5r-c79mnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-2763-cj5r-c79mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-40088ghsaADVISORY
- github.com/MervinPraison/PraisonAI/releases/tag/v4.5.121nvdRelease NotesWEB
News mentions
0No linked articles in our index yet.