PraisonAI has an unspecified vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

CVE-2026-39888 PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

Arbitrary Code Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Code Injection via the executecode function. An attacker can gain unauthorized access to the host environment, execute arbitrary...

EUVD-2026-20635

PraisonAI has sandbox escape via exception frame traversal in executecode subprocess mode...

CVE-2026-34371 LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the executecode sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...

CVE-2026-34371 LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the executecode sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences f...

EUVD-2026-18919

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

Arbitrary Code Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Code Injection via the executecode method. An attacker can execute arbitrary operating system commands by passing a crafted str...

CVE-2024-4326 Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /applysettings and /executecode endpoints. Attackers can bypass protections by setting the host to localhost, enabling code...

CVE-2024-1522

A Cross-Site Request Forgery CSRF vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /executecode API endpoint, which does not properly validate requests, enabling an attacker to craft a...

CVE-2024-1522

CVE-2024-1522 affects the parisneo/lollms-webui project. The vulnerability is a CSRF in the /execute_code endpoint that fails to validate requests, allowing an attacker to craft a malicious page that submits commands to the victim's local lollms-webui instance and execute arbitrary OS commands. T...