CVE-2026-41497

CRITICAL

Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI

Title source: cna

Description

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for CVE-2026-34935 in PraisonAI's MCP command handling did not add a command allowlist or argument validation to parse_mcp_command(), so arbitrary executables such as bash, python or /bin/sh, together with their inline code execution flags (for example -c), still passed through to subprocess execution. This issue has been patched in version 4.6.9.
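The two controls the description says the incomplete fix omitted, a command allowlist and argument validation in front of subprocess, shown as an added example. This is not PraisonAI's code and does not reproduce its parse_mcp_command(); the allowlist contents, the inline-code flag table, the function names and the sample command strings are all assumptions made for the illustration. The unchecked variant mirrors the weakness described above (tokenize and pass anything through); the checked variant rejects non-allowlisted executables, path-qualified executables, shell metacharacters in arguments, and the inline code execution flags of any allowlisted interpreter.

```python
"""Allowlist + argument validation for an MCP server launch string.

Added example, not PraisonAI's code. ALLOWED_COMMANDS, INLINE_CODE_FLAGS and
the function names are assumptions chosen to illustrate the controls the
advisory says were missing from the original fix.
"""
import shlex
import subprocess

# Assumed allowlist: launchers a deployment expects to start MCP servers with.
ALLOWED_COMMANDS = {"npx", "uvx", "node", "python", "python3"}

# Flags that make an allowlisted interpreter execute code supplied inline.
# Long flags match exactly (also in --flag=value form); single-dash clusters
# are rejected if they contain any listed letter, so "-ic" is caught as well.
# This is deliberately conservative: a cluster such as "-Wonce" is refused too.
INLINE_CODE_FLAGS = {
    "python":  {"long": set(),                 "short": {"c"}},
    "python3": {"long": set(),                 "short": {"c"}},
    "node":    {"long": {"--eval", "--print"}, "short": {"e", "p"}},
}

# Characters that would change meaning if the argv ever reached a shell.
SHELL_METACHARS = set(";|&$`<>\n")


class UnsafeCommandError(ValueError):
    """Raised when a launch string fails the allowlist or argument checks."""


def parse_mcp_command_unchecked(command: str) -> list:
    """The weakness in the advisory: tokenize and pass any executable through."""
    return shlex.split(command)


def parse_mcp_command(command: str, allowed=ALLOWED_COMMANDS) -> list:
    """Return an argv list for subprocess (no shell) or raise UnsafeCommandError."""
    argv = shlex.split(command)
    if not argv:
        raise UnsafeCommandError("empty command")
    exe = argv[0]
    # A path component would let "/bin/sh" or "./python" bypass a name check.
    if "/" in exe or "\\" in exe:
        raise UnsafeCommandError(f"executable must be a bare name: {exe!r}")
    if exe not in allowed:
        raise UnsafeCommandError(f"executable not allowlisted: {exe!r}")
    flags = INLINE_CODE_FLAGS.get(exe)
    for arg in argv[1:]:
        if SHELL_METACHARS & set(arg):
            raise UnsafeCommandError(f"shell metacharacter in argument: {arg!r}")
        if flags is None or not arg.startswith("-"):
            continue
        if arg.startswith("--"):
            if arg.split("=", 1)[0] in flags["long"]:
                raise UnsafeCommandError(f"inline code flag: {arg!r}")
        elif flags["short"] & set(arg[1:]):
            raise UnsafeCommandError(f"inline code flag: {arg!r}")
    return argv


def launch_mcp_server(command: str, **popen_kwargs) -> subprocess.Popen:
    """Start the server from a validated argv list; never re-parsed by a shell."""
    argv = parse_mcp_command(command)
    return subprocess.Popen(argv, shell=False, **popen_kwargs)


if __name__ == "__main__":
    # Constructed sample launch strings, not taken from any real deployment.
    for sample in (
        "npx -y @modelcontextprotocol/server-filesystem /tmp",
        "python -m my_mcp_server --port 8080",
        "bash -c id",
        "/bin/sh -c ls",
        "python -c 'import os'",
        "node --eval=process.exit()",
    ):
        try:
            print("ALLOW", parse_mcp_command(sample))
        except UnsafeCommandError as exc:
            print("DENY ", sample, "->", exc)
```

Note the limit of this control: allowlisting a launcher such as npx or uvx bounds which binary runs, but the package or server name is still caller-controlled, so a complete hardening of the launch path also has to constrain or pin what those launchers are allowed to fetch. That goes beyond what the advisory text describes and is not attempted here.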

Scores

CVSS v3.1 9.8
EPSS 0.0008 (0.08%)
EPSS Percentile 23.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation PoC
Automatable yes
Technical Impact total

Details

CWE
CWE-77 CWE-78
Status published
Products (3)
MervinPraison/PraisonAI < 4.6.9
praison/praisonai < 4.6.9
pypi/praisonai 0 - 4.5.149 (PyPI)
Published May 08, 2026
Tracked Since May 08, 2026