GHSA-3C4R-6P77-XWR7 PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
PraisonAI's AST-based Python sandbox can be bypassed using a type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code.
Description: The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...
CVE-2026-34955
PraisonAI's SubprocessSandbox is vulnerable prior to version 4.5.97: it uses subprocess.run() with shell=True in all modes and blocks commands only by string-pattern matching, not recognizing sh/bash as standalone executables. This enables sandbox escape in STRICT mode via sh -c '' (and related b...