Lucene search

12 matches found

CVE
added 2026/04/09 9:27 p.m., 6 views

CVE-2026-40153

PraisonAIAgents is affected by CVE-2026-40153: prior to 1.5.128, execute_command in shell_tools.py expands environment variables via os.path.expandvars() for all command arguments, despite shell=False, enabling exfiltration of secrets (DB credentials, API keys, cloud keys). The approval UI also s...

7.4 CVSS, 5.9 AI score, 0.00049 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2026/04/09 9:27 p.m., 15 views

CVE-2026-40153 PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This...

7.4 CVSS, 0.00049 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/04/09 9:27 p.m., 2 views

CVE-2026-40153 PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This...

7.4 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits: 1, References: 1
EUVD
added 2026/03/12 12:31 a.m., 21 views

EUVD-2026-11486

A weakness has been identified in OpenAkita up to 1.24.3. This impacts the function run of the file src/openakita/tools/shell.py of the component Chat API Endpoint. Executing a manipulation of the argument Message can lead to os command injection. The attack is restricted to local execution. The...

5.3 CVSS, 5.5 AI score, 0.00387 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/03/06 4:39 p.m., 27 views

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent, e.g., via prompt injection through repository files, MCP server...

7.5 CVSS, 0.00065 EPSS
Exploits: 1, References: 2
CERT
added 2026/03/02 12:0 a.m., 4 views

MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE

Overview: A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...

6.5 CVSS, 6.4 AI score, 0.00755 EPSS
Exploits: 2, References: 2
GithubExploit
added 2026/02/09 8:40 a.m., 106 views

Exploit for CVE-2026-2256

CVE-2026-2256 PoC. Executive Summary: A critical command in...

6.5 AI score, 0.00755 EPSS
Exploits: 2
Snyk
added 2025/04/28 9:30 p.m., 1 views

Arbitrary Command Injection

Overview: aworld is an Ant Agent Package. Affected versions of this package are vulnerable to Arbitrary Command Injection through the subprocess.run and subprocess.Popen functions in shelltool.py. This allows an attacker to inject malicious commands due to insufficient sanitization of user-supplied...

8.1 CVSS, 7.5 AI score, 0.03079 EPSS
Exploits: 1, References: 2
OSV
added 2025/04/28 7:15 p.m., 0 views

CVE-2025-4032

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...

8.1 CVSS, 5 AI score
Exploits: 0, References: 6
GithubExploit
added 2017/03/17 6:5 p.m., 4 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

StrutsShell Apache Struts CVE-2017-5638 Shell Introducti...

10 CVSS, 9.5 AI score, 0.94267 EPSS
Exploits: 44
Fedora
added 2016/05/07 1:49 p.m., 8 views

[SECURITY] Fedora 24 Update: parallel-20160222-1.fc24

GNU Parallel is a shell tool for executing jobs in parallel using one or more machines. A job is typically a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, or a list of tables. If yo...

0.4 AI score
Exploits: 0
myhack58
added 2006/07/09 12:0 a.m., 18 views

Compilation escape the antivirus production methods-vulnerability warning-the black bar safety net

Today I to famous hacking software dove gray VIP2005, for example, said the following What about the use of pseudo-SMC in the art to add a little pseudo-flower instructions to transform your ownfree killTrojan! It says here that the pseudo-SMC mean the use of SMC principles of the transfer code...

7.2 AI score
Exploits: 0