PT-2026-37122 · Praisonai · Praisonai
Decsecre583 · Published 2026-04-17 · Updated 2026-05-26 · CVE-2026-41497
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.6.9

Description: Insufficient command handling in the parse_mcp_command() function allows arbitrary code execution. The function implements neither a command allowlist nor argument validation, so executables such as bash, python, or /bin/sh, together with their inline code execution flags, can be passed directly to subprocess execution. The issue is in the MCPHandler.parse_mcp_command() method in src/praisonai/praisonai/cli/features/mcp.py.

Recommendations: Update to version 4.6.9. As a temporary workaround, restrict access to the parse_mcp_command() function or the MCP module to minimize the risk of exploitation.
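The two controls the description says are missing, a command allowlist and argument validation, are illustrated below in the form of a hardened launch-command parser. This is an added example, not PraisonAI's code or its 4.6.9 fix: the allowlisted executables, the per-executable denied flags, the function names and the sample commands are all constructed for the illustration, and a real deployment would tune the allowlist to the MCP servers it actually runs.

```python
"""Allowlist-based validation for an MCP server launch command.

Added illustration, not PraisonAI's code: the allowlist, denied-flag map
and sample commands are constructed for this example.
"""
from __future__ import annotations

import shlex

# Constructed allowlist: bare executable names an operator is willing to
# launch MCP servers with. Anything not listed is rejected, so shells and
# interpreters (bash, sh, python, ...) never reach subprocess at all.
ALLOWED_EXECUTABLES = frozenset({"npx", "node"})

# Flags that make an allowlisted executable evaluate inline code. They are
# keyed per executable because the same letter differs in meaning:
# 'node -e code' evaluates code, while 'npx -p pkg' merely selects a package.
DENIED_FLAGS = {
    "node": frozenset({"-e", "--eval", "-p", "--print"}),
    "npx": frozenset({"-c", "--call"}),
}

# Characters that only have meaning to a shell. The argv is never handed to
# a shell here, but an argument carrying them is almost always a pasted
# shell pipeline and is safer to refuse outright.
SHELL_METACHARACTERS = frozenset(";&|`$<>(){}\n\r")


class CommandRejected(ValueError):
    """Raised when a launch command fails the allowlist or argument checks."""


def parse_mcp_command(command: str) -> list[str]:
    """Tokenize *command* into an argv list for subprocess with shell=False.

    Raises CommandRejected if the executable is not allowlisted, is given as
    a path, or any argument is an inline-code flag or carries shell syntax.
    """
    try:
        argv = shlex.split(command, posix=True)
    except ValueError as exc:  # unbalanced quotes
        raise CommandRejected(f"could not tokenize command: {exc}") from exc
    if not argv:
        raise CommandRejected("empty command")

    executable = argv[0]
    # Require a bare name so '/bin/sh' or './tool' cannot sidestep the
    # allowlist by path; resolution happens via PATH at launch time.
    if "/" in executable or "\\" in executable:
        raise CommandRejected(f"executable must be a bare name, got {executable!r}")
    if executable not in ALLOWED_EXECUTABLES:
        raise CommandRejected(f"executable {executable!r} is not allowlisted")

    denied = DENIED_FLAGS.get(executable, frozenset())
    for arg in argv[1:]:
        # Catch both '--eval code' and '--eval=code' spellings.
        flag = arg.split("=", 1)[0]
        if flag in denied:
            raise CommandRejected(f"inline code flag {flag!r} is not permitted for {executable}")
        if any(ch in SHELL_METACHARACTERS for ch in arg):
            raise CommandRejected(f"argument {arg!r} contains shell metacharacters")
    return argv


def is_allowed(command: str) -> bool:
    """Boolean convenience wrapper around parse_mcp_command()."""
    try:
        parse_mcp_command(command)
    except CommandRejected:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample commands: one legitimate stdio server launch and
    # several of the shapes the advisory says went unchecked.
    samples = [
        "npx -y @modelcontextprotocol/server-filesystem /srv/data",
        "bash -c 'id'",
        "/bin/sh -c id",
        "python -c 'import os'",
        "node -e 'process.exit()'",
        "npx -y some-server; id",
    ]
    for sample in samples:
        try:
            print("ACCEPT", parse_mcp_command(sample))
        except CommandRejected as exc:
            print("REJECT", repr(sample), "->", exc)
```

The returned argv is meant to be passed to `subprocess.Popen(argv, shell=False)`; the point of the example is that rejection happens before anything is executed, and that an allowlist of executables alone is not enough when the allowlisted binaries themselves accept inline-code flags.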

Exploit · Fix

Command Injection · OS Command Injection


Weakness Enumeration

Related Identifiers: CVE-2026-41497, GHSA-9QHQ-V63V-FV3J

Affected Products: Praisonai