PT-2026-29822 · Praisonai · Praisonai

Yerang30 · Published 2026-04-01 · Updated 2026-04-19 · CVE-2026-34935

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.69
Description: PraisonAI is vulnerable to OS command injection that can lead to remote code execution (RCE). The value of the --mcp command-line argument is passed to shlex.split() and the resulting argv is handed to anyio.open_process() without validation, so whoever controls that argument chooses the program that is spawned, and it runs as the PraisonAI process user. The root cause is the missing input validation on the --mcp argument. The vulnerable path starts in cli/features/mcp.py, which passes the command to praisonaiagents/mcp/mcp.py, and from there into mcp/client/stdio/__init__.py, where the process is started. The issue is fixed by introducing a command allowlist in commit 47bff65413beaa3c21bf633c1fae4e684348368c.
Recommendations: Update PraisonAI to version 4.5.69 or later.
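As an added illustration, not PraisonAI's code and not the fix commit, the following shows the pattern the description outlines (a user-controlled string tokenised by shlex.split() and spawned as-is, argv[0] unchecked) next to an allowlisted version of the same step. The allowlist contents (npx, uvx), the function names and the sample command lines are assumptions made for this example, and it spawns with the standard library's asyncio.create_subprocess_exec() rather than anyio.open_process() so that it runs without extra dependencies.

```python
# Added example: vulnerable "split and spawn" pattern next to an allowlisted one.
# Illustrative code, not PraisonAI's source; allowlist contents, function names
# and sample commands are assumptions.
from __future__ import annotations

import asyncio
import os
import shlex
import shutil

# Hypothetical allowlist for the example; the real fix's list is not on the page.
MCP_COMMAND_ALLOWLIST = frozenset({"npx", "uvx"})


def split_mcp_arg_unchecked(mcp_arg: str) -> list[str]:
    """Vulnerable pattern: the whole --mcp string becomes argv, argv[0] included.

    shlex.split() only tokenises; it does not decide which program may run,
    so "bash -c '...'" yields argv[0] == "bash" and spawning it runs the
    caller's code."""
    return shlex.split(mcp_arg)


def resolve_mcp_command(mcp_arg: str,
                        allowlist: frozenset[str] = MCP_COMMAND_ALLOWLIST) -> list[str]:
    """Hardened pattern: tokenise, then require argv[0] to be an allowlisted bare name.

    Raises ValueError for anything else. Names containing a path separator are
    rejected so that "./npx" or "/tmp/npx" cannot satisfy a basename comparison
    with a planted binary."""
    argv = shlex.split(mcp_arg)
    if not argv:
        raise ValueError("empty --mcp command")
    cmd = argv[0]
    if os.sep in cmd or (os.altsep and os.altsep in cmd):
        raise ValueError(f"--mcp command must be a bare program name, got {cmd!r}")
    if cmd not in allowlist:
        raise ValueError(f"--mcp command {cmd!r} is not allowlisted")
    return argv


def is_allowed_mcp_command(mcp_arg: str) -> bool:
    """Boolean view of resolve_mcp_command() for callers that only need a verdict."""
    try:
        resolve_mcp_command(mcp_arg)
    except ValueError:
        return False
    return True


async def spawn_mcp_server(mcp_arg: str) -> asyncio.subprocess.Process:
    """Start an allowlisted MCP stdio server from an argv list, never via a shell.

    shutil.which() resolves the bare name through PATH at spawn time; if the
    program is missing we fail closed instead of falling back to a shell."""
    argv = resolve_mcp_command(mcp_arg)
    exe = shutil.which(argv[0])
    if exe is None:
        raise FileNotFoundError(f"{argv[0]} not found on PATH")
    return await asyncio.create_subprocess_exec(
        exe, *argv[1:],
        stdin=asyncio.subprocess.PIPE,
        stdout=asyncio.subprocess.PIPE,
    )


if __name__ == "__main__":
    # Constructed inputs: one benign server launch and two injection attempts.
    for arg in ("npx -y @modelcontextprotocol/server-filesystem /tmp",
                "bash -c 'id > /tmp/pwned'",
                "./npx -y evil-package"):
        print(f"{arg!r:55} unchecked argv[0]={split_mcp_arg_unchecked(arg)[0]!r:8} "
              f"allowed={is_allowed_mcp_command(arg)}")
```

An allowlist restricts which program argv[0] may name; it says nothing about what that program does with the remaining arguments. Entries that are themselves interpreters or package runners (python with -c, node with -e, or npx with a caller-chosen package name) still execute whatever the caller asks for, so when reviewing a fix of this kind the contents of the allowlist deserve the same scrutiny as the check itself.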

Fix

RCE

Command Injection

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-34935
GHSA-9GM9-C8MQ-VQ7M
GHSA-9QHQ-V63V-FV3J

Affected Products

Praisonai