CVE-2026-34938 (CRITICAL)

CVE-2026-34938: PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Vendor: Mervinpraison
Product: PraisonAI
Weakness: CWE-693
Published: April 3, 2026
Last update: April 6, 2026

CVSS base score: 10.0/10

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

PraisonAI is a multi-agent team system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox. The sandbox can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr wrapper, which lets the attacker reach attributes the wrapper is meant to block and achieve arbitrary OS command execution on the host. This issue has been patched in version 1.5.90.
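The weakness class behind this record is an attribute guard that trusts a method of the very object it is inspecting: if the guard evaluates name.startswith("_") and name is a caller-supplied str subclass, the subclass decides the answer. The example below is added here to illustrate that failure mode and the corresponding fix; it is not PraisonAI's code. The guard functions, the Target class and the OverriddenStartswith subclass are constructed stand-ins, and _safe_getattr's real logic is not reproduced. The hardened variant accepts only exact builtin str instances and calls str.startswith unbound, so no subclass override can intervene.

```python
# Added illustration of the weakness class in CVE-2026-34938: an attribute
# guard that trusts methods of the caller-supplied name object. All names
# below are hypothetical stand-ins for this note, not PraisonAI's
# _safe_getattr.


class OverriddenStartswith(str):
    """Constructed str subclass whose startswith() always answers False."""

    def startswith(self, *args, **kwargs):
        return False


class Target:
    """Constructed object with one public and one private attribute."""

    public = "ok"
    _private = "should never be reachable through the guard"


def naive_guarded_getattr(obj, name):
    """Weak guard: the check dispatches to name.startswith(), so a subclass
    controls the outcome. isinstance() does not help here, because a str
    subclass satisfies it."""
    if not isinstance(name, str):
        raise TypeError("attribute name must be a string")
    if name.startswith("_"):
        raise AttributeError(f"access to {name!r} is blocked")
    return getattr(obj, name)


def hardened_guarded_getattr(obj, name):
    """Hardened guard: accept only exact builtin str instances, and invoke
    the builtin method unbound so an override on the instance's class is
    never consulted."""
    if type(name) is not str:
        raise TypeError(
            f"attribute name must be a plain str, got {type(name).__name__}"
        )
    if str.startswith(name, "_"):
        raise AttributeError(f"access to {name!r} is blocked")
    return getattr(obj, name)


def probe(guard):
    """Return (plain_name_blocked, subclass_name_blocked) for a guard.

    True means the guard refused access to the private attribute;
    False means the private value was handed back to the caller."""
    results = []
    for name in ("_private", OverriddenStartswith("_private")):
        try:
            guard(Target(), name)
            results.append(False)
        except (AttributeError, TypeError):
            results.append(True)
    return tuple(results)


if __name__ == "__main__":
    print("naive    :", probe(naive_guarded_getattr))     # (True, False)
    print("hardened :", probe(hardened_guarded_getattr))  # (True, True)
    print("public   :", hardened_guarded_getattr(Target(), "public"))
```

The naive guard blocks a plain "_private" but returns the private attribute when the name is the subclass, which is exactly the pattern the advisory describes. When reviewing sandbox code, look for any check that calls a method on untrusted input (startswith, endswith, in on a string, lower) and confirm the input's type was pinned to the builtin first.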

Disclosure timeline

April 3, 2026: CVE published
April 6, 2026: Record updated