2 matches found
CVE-2026-34955
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...
CVE-2026-34955
creationtimestamp| type| source ---|---|--- 2026-03-31 15:25:42+00:00| published-proof-of-concept| https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-r4f2-3m54-pp7q 2026-04-04 01:19:10+00:00| published-proof-of-concept| Telegram/7aT9UpYbZ02LD1lZLti1mg9cdxIpZxAoIiq3Sp7jGujjzO4...