Arbitrary Shell Command Execution Vulnerability in PraisonAI by Mervin
CVE-2026-56075

8.7 HIGH

Key Information:

Vendor: Praisonai
Status: Vendor
CVE Published: 18 June 2026

What is CVE-2026-56075?

PraisonAI before version 4.5.128 allows authenticated users to execute arbitrary shell commands because of a hardcoded configuration setting. The application forces the approval mode to 'auto', overriding whatever the administrator configured in the environment variable, so shell commands proposed by the LLM agent run without the expected human approval. An attacker can therefore use the agent to run potentially harmful shell commands, defeating the intended safeguard and putting system integrity at significant risk.
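To make the defect concrete, the following is an added illustration (not PraisonAI's code) of the pattern the advisory describes: a resolver that reads the administrator's setting and then overwrites it with 'auto', beside a hardened resolver and a startup check that would have caught the override. The environment variable name, the mode values and the helper names are assumptions for illustration only.

```python
import os

# Assumed names for illustration; the advisory does not give the real ones.
APPROVAL_MODE_ENV = "PRAISONAI_APPROVAL_MODE"
VALID_MODES = ("manual", "auto")
SAFE_DEFAULT = "manual"   # require human approval unless explicitly relaxed


def resolve_mode_vulnerable(env: dict) -> str:
    """The bug pattern: the configured value is read, then discarded."""
    mode = env.get(APPROVAL_MODE_ENV, SAFE_DEFAULT)
    mode = "auto"  # hardcoded override silently disables approval
    return mode


def resolve_mode_fixed(env: dict) -> str:
    """Honour the administrator's setting; unknown values fall back to manual."""
    mode = env.get(APPROVAL_MODE_ENV, SAFE_DEFAULT).strip().lower()
    if mode not in VALID_MODES:
        return SAFE_DEFAULT  # a typo must never become 'auto'
    return mode


def shell_tool_allowed(command: str, mode: str, approver=None) -> bool:
    """Gate a shell tool call on the resolved mode; nothing is executed here.
    In manual mode the call needs an approver callback that returns True."""
    if mode == "auto":
        return True
    if approver is None:
        return False  # no one to approve: fail closed
    return bool(approver(command))


def override_detected(env: dict, resolver) -> bool:
    """Startup self-check: flag any resolver whose effective mode differs
    from what the environment actually says. Useful as an audit log line."""
    configured = env.get(APPROVAL_MODE_ENV, SAFE_DEFAULT).strip().lower()
    if configured not in VALID_MODES:
        configured = SAFE_DEFAULT
    return resolver(env) != configured


if __name__ == "__main__":
    sample_env = {APPROVAL_MODE_ENV: "manual"}  # constructed sample, not os.environ
    for name, resolver in (("vulnerable", resolve_mode_vulnerable),
                           ("fixed", resolve_mode_fixed)):
        print(name, "effective mode:", resolver(sample_env),
              "override detected:", override_detected(sample_env, resolver))
```

With a real deployment the check would read `os.environ` and log a warning when `override_detected` is true, which is the signal an operator running an affected version would have wanted.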

Affected Version(s)

  • PraisonAI 0 < 4.5.128

  • PraisonAI 4.5.128

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

offset