CVE-2026-40113
Published 2026-04-09
Priority: P3 47 | Severity: high | CVSS 3.1 base score: 8.1
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.23% (13.8th percentile)
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the `gcloud run deploy --set-env-vars` argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mervinpraison | praisonai | < 4.5.128 | 4.5.128 |
| mervinpraison | praisonai | >= 0 < 4.5.128 | 4.5.128 |
| praison | praisonai | < 4.5.128 | 4.5.128 |
VulDB
MervinPraison PraisonAI up to 4.5.127 Cloud Run Service deploy.py openai_model/openai_key/openai_base argument injection (GHSA-fvxx-ggmx-3cjg)
vuldb · 2026-04-10 · CVSS 8.4 · CVE-2026-40113 [HIGH]
A vulnerability was found in MervinPraison PraisonAI up to 4.5.127. It has been classified as critical. This issue affects some unknown processing of the file deploy.py of the component Cloud Run Service. This manipulation of the argument openai_model/openai_key/openai_base causes argument injection.
This vulnerability is tracked as CVE-2026-40113. The attack is restricted to local execution. No exploit exists.
Upgrading the affected component is recommended.
GHSA
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
ghsa · 2026-04-10 · CVE-2026-40113 [HIGH] · CWE-88
**Summary**

deploy.py constructs a single comma-delimited string for the `gcloud run deploy --set-env-vars` argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service.
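A worked model of the parsing problem described in this summary (and in the description at the top of the page), added here as an example and not code from PraisonAI: `parse_set_env_vars` mimics how gcloud splits the flag value into pairs, `build_env_vars_unchecked` reproduces the unvalidated interpolation pattern the advisory describes, and the two hardened builders either reject commas outright or switch to gcloud's documented `^DELIM^` escaping so a literal comma in a value cannot start a new pair. The env var names `OPENAI_MODEL`, `OPENAI_API_KEY` and `OPENAI_API_BASE` and all sample values are assumptions, not taken from the project.

```python
import re

# Assumed env var names (not stated in the advisory) that deploy.py would
# derive from openai_model, openai_key and openai_base.
ENV_KEYS = ("OPENAI_MODEL", "OPENAI_API_KEY", "OPENAI_API_BASE")
_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def parse_set_env_vars(arg: str) -> dict:
    """Model of gcloud's handling of --set-env-vars: pairs are split on a
    comma (or on the custom delimiter given by a leading ^DELIM^ prefix),
    and each pair is split on its first '='."""
    delim = ","
    if arg.startswith("^"):
        delim, _, arg = arg[1:].partition("^")
    env = {}
    for pair in arg.split(delim):
        key, sep, value = pair.partition("=")
        if not sep or not _KEY_RE.match(key):
            raise ValueError(f"malformed KEY=VALUE pair: {pair!r}")
        env[key] = value
    return env


def build_env_vars_unchecked(openai_model, openai_key, openai_base) -> str:
    """The pattern the advisory describes: plain interpolation, no validation.
    Illustrative reconstruction, not the project's own code."""
    values = zip(ENV_KEYS, (openai_model, openai_key, openai_base))
    return ",".join(f"{k}={v}" for k, v in values)


def build_env_vars_checked(openai_model, openai_key, openai_base) -> str:
    """Hardened form: any value containing the pair separator is rejected
    before it can reach the gcloud command line."""
    values = dict(zip(ENV_KEYS, (openai_model, openai_key, openai_base)))
    for key, value in values.items():
        if "," in value:
            raise ValueError(f"{key}: commas are not allowed in --set-env-vars values")
    return ",".join(f"{k}={v}" for k, v in values.items())


def build_env_vars_delimited(openai_model, openai_key, openai_base) -> str:
    """Alternative hardening using gcloud's ^DELIM^ escaping: choose a
    delimiter that occurs in none of the values, so commas stay literal."""
    values = dict(zip(ENV_KEYS, (openai_model, openai_key, openai_base)))
    for delim in ("|", "@", "#", ";"):
        if all(delim not in v for v in values.values()):
            return f"^{delim}^" + delim.join(f"{k}={v}" for k, v in values.items())
    raise ValueError("no safe delimiter available for these values")
```

Passing the assembled string as one argv element (a list passed to subprocess, not a shell string) is still required; the delimiter handling only addresses gcloud's own pair splitting.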
Grep Commands and Evidence

Step 1. Confirm the vulnerable string construction at line 150

```
grep -n "set-env-vars\|openai_key\|openai_base\|openai_model" \
src
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.