CVE-2026-34938
Published: 03 April 2026
Description
Adversaries may abuse Python commands and scripts for execution.
Security Summary
CVE-2026-34938 is a critical sandbox bypass vulnerability in PraisonAI, a multi-agent teams system. Prior to version 1.5.90, the execute_code() function in the praisonai-agents component executes attacker-controlled Python code within a three-layer sandbox. This protection can be fully circumvented by passing a string subclass with an overridden startswith() method to the _safe_getattr wrapper, resulting in arbitrary OS command execution on the host system. The vulnerability is associated with CWE-693 and carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By crafting malicious input that triggers the sandbox bypass, the attacker achieves full remote code execution on the host, potentially compromising confidentiality, integrity, and availability across the affected scope.
The vulnerability has been patched in PraisonAI version 1.5.90. Additional details on the issue and remediation are available in the GitHub security advisory at https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6vh2-h83c-9294.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated sandbox bypass in a network-accessible Python-based application enables exploitation of a public-facing application (T1190) leading to arbitrary code execution via Python interpreter (T1059.006).