CVE-2026-34935
Published: 03 April 2026
Description
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Security Summary
CVE-2026-34935 is a critical command injection vulnerability (CWE-78) in PraisonAI, a multi-agent teams system. It affects versions 4.5.15 through 4.5.68, where the --mcp CLI argument is passed directly to shlex.split() and forwarded unsanitized through the call chain to anyio.open_process(), enabling arbitrary OS command execution as the process user.
Remote attackers require no privileges or user interaction to exploit this vulnerability, which has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By supplying a malicious --mcp argument, attackers can execute arbitrary commands on the host system with the privileges of the PraisonAI process, potentially achieving full compromise including data exfiltration, persistence, or further lateral movement.
The vulnerability has been patched in PraisonAI version 4.5.69. Mitigation details are available in the GitHub security advisory at https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9gm9-c8mq-vq7m and the patching commit at https://github.com/MervinPraison/PraisonAI/commit/47bff65413beaa3c21bf633c1fae4e684348368c.
Given PraisonAI's role as a multi-agent teams system, this flaw underscores command injection risks in AI/ML development tools that rely on CLI interfaces for process spawning.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- Matched keywords: mcp
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote command injection (T1190: Exploit Public-Facing Application) leading to arbitrary OS command execution (T1059: Command and Scripting Interpreter).