CVE-2026-34937 HIGH

CVE-2026-34937: PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Vendor Mervinpraison

Product PraisonAI

Weakness CWE-78

Published April 3, 2026

Last update April 6, 2026

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "<code>" and passing it to subprocess.run(..., shell=True). The escaping logic only handles \ and ", leaving $() and backtick substitutions unescaped, allowing arbitrary OS command execution before Python is invoked. This issue has been patched in version 1.5.90.

Key dates

Disclosure timeline

April 3, 2026 CVE published

April 6, 2026 Record updated