PT-2026-31780 · Unknown · Praisonaiagents

Published: 2026-04-09 · Updated: 2026-04-10 · CVE-2026-40111

CVSS v4.0: 9.3 (Critical)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: PraisonAIAgents versions prior to 1.5.128

Description: PraisonAIAgents is a multi-agent teams system. Its memory hooks executor passes a user-controlled command string directly to subprocess.run() with shell=True in src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed, so shell metacharacters are interpreted by /bin/sh before the intended command runs. Two attack surfaces exist: the pre run command and post run command hook event types registered through the hooks configuration, and the .praisonai/hooks.json lifecycle configuration. An agent that gains file-write access through prompt injection can overwrite .praisonai/hooks.json and have its payload executed silently at every subsequent lifecycle event, without further user interaction.

Recommendations: Update to PraisonAIAgents version 1.5.128 or later.
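The shell=True pattern the description names, beside a hardened executor that tokenises the configured command itself and enforces an executable allowlist, as an added example. This is not PraisonAIAgents code: the function names, the `pre_run_command` JSON key, the hooks.json layout and the allowlist are assumptions for illustration.

```python
"""Added example (not PraisonAIAgents code): a hook-command executor in the
vulnerable shape the advisory describes (shell=True on a string taken from
configuration) beside a hardened form that never hands the string to /bin/sh.
Function names, the JSON key and the allowlist are illustrative assumptions."""
import json
import shlex
import subprocess

# Constructed hooks.json content. "&&" is harmless here, but with shell=True
# every metacharacter in the configured string is interpreted by /bin/sh.
HOOKS_JSON = json.dumps({"pre_run_command": "echo done && echo extra"})


def run_hook_vulnerable(hooks_json: str, event: str) -> str:
    """Vulnerable shape: the configured string is parsed by /bin/sh, so the
    '&&' chains a second command. Returns captured stdout."""
    command = json.loads(hooks_json)[event]
    return subprocess.run(command, shell=True, capture_output=True,
                          text=True, check=False).stdout


# Allowlist of executables a hook may invoke; anything else is rejected.
ALLOWED_EXECUTABLES = {"echo"}


def build_hook_argv(command: str) -> list[str]:
    """Tokenise the configured command into a literal argv (no shell) and
    enforce the executable allowlist. Metacharacters become plain arguments."""
    argv = shlex.split(command)
    if not argv or argv[0] not in ALLOWED_EXECUTABLES:
        raise ValueError(f"hook executable not permitted: {argv[:1]}")
    return argv


def run_hook_hardened(hooks_json: str, event: str) -> str:
    """Hardened shape: shell=False, so '&&', 'echo' and 'extra' reach the
    first echo as ordinary arguments instead of starting a second process."""
    argv = build_hook_argv(json.loads(hooks_json)[event])
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=False).stdout


if __name__ == "__main__":
    print("shell=True :", repr(run_hook_vulnerable(HOOKS_JSON, "pre_run_command")))
    print("shell=False:", repr(run_hook_hardened(HOOKS_JSON, "pre_run_command")))
```

Run with shell=True the configured string produces two lines of output; run through the hardened path the same string yields the single line `done && echo extra`, because nothing ever interprets the metacharacters.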

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-40111
GHSA-V7PX-3835-7GJX

Affected Products

Praisonaiagents