Lucene search
K

4 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-484 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...

10CVSS6.1AI score0.00707EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-34938

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

10CVSS6.1AI score0.00707EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 10:51 p.m.4 views

CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...

10CVSS6.1AI score0.00707EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29825

Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description PraisonAI is susceptible to a critical Python sandbox escape issue that permits code execution outside of the intended sandbox environment. The flaw resides within the execute code function...

10CVSS6.5AI score0.00707EPSS
Exploits1References11
Rows per page
Query Builder