CVE-2026-39888

PraisonAI’s PraisonAIAgents contain a sandbox escape in execute_code() (subprocess mode) prior to version 1.5.115. The subprocess wrapper blocks only a subset of attributes, and the missing frame-traversal attributes (traceback , tb_frame, f_back, f_builtins) can be chained via a caught exception...

CVE-2026-39888 PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

EUVD-2026-20635

PraisonAI has sandbox escape via exception frame traversal in executecode subprocess mode...

PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

GHSA-QF73-2HRX-XPRP PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...