CVE-2026-34937

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.90

Description PraisonAI's run python() function constructs a shell command string by interpolating user-controlled code into python3 -c "<code>" and passing it to subprocess.run(..., shell=True). The escaping logic only handles `` and ", leaving $() and backtick substitutions unescaped, which allows arbitrary OS command execution before Python is invoked. The function run python() is vulnerable due to incomplete escaping of user-controlled input. The vulnerable code is located in execute command.py lines 290, 297, and 310. The execute command function calls subprocess.run() with shell=True, which expands $() before Python is executed. The API endpoint is not explicitly mentioned, but the function run python() is exposed to prompt injection.

Recommendations Update PraisonAI to version 1.5.90 or later.