Arbitrary Command Execution Vulnerability in PraisonAI by Mervin Praison
CVE-2026-40288

9.8CRITICAL

Key Information:

Vendor: Mervinpraison
Status: Praisonai; Praisonaiagents
Vendor: CVE Published:; 14 April 2026

🔔 Create Mervinpraison Vulnerability Alert

What is CVE-2026-40288?

PraisonAI, a multi-agent teams system, contains a vulnerability that allows arbitrary command and code execution due to improper handling of untrusted YAML files. Specifically, in versions prior to 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, its workflow engine can execute commands without proper validation or sandboxing. This becomes critical in environments like CI pipelines or shared repositories, where a malicious actor can manipulate a YAML file leading to full command execution on the host system. The vulnerable components include specific methods in job_workflow.py and workflow.py, which without user confirmation or safeguards allow attackers to run shell commands or scripts. To mitigate this risk, users are advised to update to the latest versions.

Affected Version(s)

PraisonAI < 4.5.139

praisonaiagents < 1.5.140

References

https://github.com/MervinPraison/PraisonAI/security/advis...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40288 Data

JSON