CVE-2026-34937
Published 2026-04-03
Priority P261 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.6th percentile)
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run(..., shell=True). The escaping logic only handles \ and ", leaving $() and backtick substitutions unescaped, allowing arbitrary OS command execution before Python is invoked. This issue has been patched in version 1.5.90.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mervinpraison | praisonai | < 1.5.90 | 1.5.90 |
| mervinpraison | praisonaiagents | >= 0 < 1.5.90 | 1.5.90 |
| praison | praisonaiagents | < 1.5.90 | 1.5.90 |
OSV
osv · 2026-04-01
CVE-2026-34937 [HIGH] PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
### Summary
`run_python()` in `praisonai` constructs a shell command string by interpolating user-controlled code into `python3 -c ""` and passing it to `subprocess.run(..., shell=True)`. The escaping logic only handles `\` and `"`, leaving `$()` and backtick substitutions unescaped, allowing arbitrary OS command execution before Python is invoked.
### Details
`execute_command.py:290` (source) -> `execute_command.py:297` (hop) -> `execute_command.py:310` (sink)
```python
import subprocess

python_cmd = "python3"  # assumed; the excerpt does not show where python_cmd is resolved

# source -- user-controlled code argument
def run_python(code: str, cwd=None, timeout=60):
    # hop -- incomplete escaping, $ and () not handled
    escaped_code = code.replace('\\', '\\\\').replace('"', '\\"')
    command = f'{python_cmd} -c "{escaped_code}"'
    # sink -- shell=True hands the string to /bin/sh, which performs $() and
    # backtick substitution before python3 is invoked
    return subprocess.run(command, shell=True, cwd=cwd, timeout=timeout)
```
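The source-to-sink path above is easiest to see by running it. The following is an added example, not PraisonAI's code: it reconstructs the pre-1.5.90 escaping pattern beside a hardened variant that passes argv as a list with no shell. The interpreter path (`sys.executable`), the function names and the two payloads are assumptions constructed for the demonstration; the payloads only echo a marker, so they are safe to run, but they reveal which process interpreted the code first.

```python
import shlex
import subprocess
import sys

# Interpreter used by both variants. The real helper resolves its python_cmd
# elsewhere (not shown in the advisory excerpt); sys.executable is an assumption.
PYTHON = sys.executable


def run_python_vulnerable(code: str, cwd=None, timeout=60) -> str:
    """Reconstruction of the pre-1.5.90 pattern: escape only \\ and ",
    wrap the code in double quotes, and hand the string to /bin/sh."""
    escaped_code = code.replace('\\', '\\\\').replace('"', '\\"')
    command = f'{shlex.quote(PYTHON)} -c "{escaped_code}"'
    # sink: with shell=True, sh expands $(...) and `...` inside the double
    # quotes before python ever starts, so the payload runs as a shell command
    result = subprocess.run(command, shell=True, cwd=cwd, timeout=timeout,
                            capture_output=True, text=True)
    return result.stdout.strip()


def run_python_fixed(code: str, cwd=None, timeout=60) -> str:
    """Hardened variant: argv list, no shell, no home-grown escaping.
    The code string reaches the interpreter byte for byte."""
    result = subprocess.run([PYTHON, "-c", code], cwd=cwd, timeout=timeout,
                            capture_output=True, text=True)
    return result.stdout.strip()


# Constructed payloads. Both are harmless (they only echo a marker) but they
# tell you who ran first: the shell, or Python.
DOLLAR_PAYLOAD = 'print("$(echo INJECTED)")'
BACKTICK_PAYLOAD = 'print("`echo INJECTED`")'


if __name__ == "__main__":
    for payload in (DOLLAR_PAYLOAD, BACKTICK_PAYLOAD):
        print("vulnerable:", run_python_vulnerable(payload))  # INJECTED
        print("fixed:     ", run_python_fixed(payload))       # payload printed verbatim
```

In the vulnerable variant the shell sees `"print(\"$(echo INJECTED)\")"`, resolves `\"` back to `"` and runs the command substitution, so Python only ever receives `print("INJECTED")`; replace `echo INJECTED` with anything else and that is the arbitrary OS command execution the advisory describes. The hardened variant needs no escaping at all because there is no shell to parse the string, which is the general lesson: inside a double-quoted sh string, `$`, backtick, `\` and `"` all carry meaning, so an escaping routine that covers only the last two is not a fix, and the robust fix is to avoid `shell=True` rather than to extend the blocklist.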
GHSA
ghsa · 2026-04-01
CVE-2026-34937 [HIGH] CWE-78 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
No detection rules found.
No public exploits indexed.