CVE-2026-34938

Name of the Vulnerable Software and Affected Versions PraisonAI (affected versions not specified)

Description PraisonAI is susceptible to a critical Python sandbox escape issue that permits code execution outside of the intended sandbox environment. The flaw resides within the execute code() function in praisonai-agents, which allows for arbitrary OS command execution on the host system. This is achieved by supplying a str subclass with an overridden startswith() method to the safe getattr wrapper, effectively bypassing the sandbox's security measures. The vulnerability is triggered through the safe getattr function, which incorrectly handles subclasses of strings, and ultimately leads to the execution of arbitrary code via the Popen function. The vulnerability can be exploited in deployments using bot.py, autonomy mode.py, or bots cli.py when PRAISONAI AUTO APPROVE is set to true, enabling silent execution upon indirect prompt injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.