CVE-2026-34935
EUVD-2026-1891303.04.2026, 23:17
PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. This issue has been patched in version 4.5.69.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| praison | praisonai | 4.5.15 ≤ 𝑥 < 4.5.69 |
𝑥
= Vulnerable software versions