PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override | Advisories

Advisories

PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

severity: high
date: 6/18/2026
Affecting: PraisonAI >= 0, < 4.5.128
CVE: CVE-2026-56075
CWE: CWE-863 Incorrect Authorization
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: GHSA Advisory GHSA-qwgj-rrpj-75xm
Credit: offset
Description: PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary shell commands via subprocess.run with shell=True, bypassing the manual approval gate and insufficient command sanitization blocklists.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo