Command Injection Vulnerability in PraisonAIAgents by Mervin Praison
CVE-2026-40111

9.3CRITICAL

Key Information:

Vendor: Mervinpraison
Status: Praisonaiagents
Vendor: CVE Published:; 9 April 2026

🔔 Create Mervinpraison Vulnerability Alert

What is CVE-2026-40111?

PraisonAIAgents, a system designed for multi-agent teams, is susceptible to a command injection vulnerability where user-controlled command strings are improperly handled. In versions prior to 1.5.128, the application directly passes these strings to subprocess.run() with shell=True, lacking necessary sanitization. This allows attackers to exploit two key surfaces: through hook event types such as pre_run_command and post_run_command, and significantly through the lifecycle configuration file .praisonai/hooks.json. By gaining file-write access via prompt injection, an attacker can manipulate this file to execute arbitrary code silently during lifecycle events, without requiring further user intervention. The issue is addressed in version 1.5.128.

Affected Version(s)

PraisonAIAgents < 1.5.128

References

https://github.com/MervinPraison/PraisonAI/security/advis...

x_refsource_CONFIRM

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Apr 9, 2026

CVE-2026-40111 Data

JSON