Lucene search
K

5 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-484 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...

10CVSS6.1AI score0.00707EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/03 10:51 p.m.16 views

CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

10CVSS0.00707EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 10:51 p.m.3 views

CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

10CVSS6.1AI score0.00707EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/01 11:17 p.m.6 views

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...

10CVSS6.2AI score0.00707EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/01 11:17 p.m.8 views

GHSA-6VH2-H83C-9294 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...

10CVSS6.2AI score0.00707EPSS
Exploits1References3
Rows per page
Query Builder