CVE-2026-34935:

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. This issue has been patched in version 4.5.69.

Score
A numerical rating that indicates how dangerous this vulnerability is.

9.8Critical

Published Date:Apr 3, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Exploitability

Score:3.9
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. This issue has been patched in version 4.5.69.

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Low

Mining

Utilities

Information

Construction

Retail Trade

Manufacturing

Wholesale Trade

Educational Services

Finance and Insurance

Public Administration

Real Estate Rental and Leasing

Transportation and Warehousing

Accommodation and Food Services

Health Care and Social Assistance

Arts, Entertainment, and Recreation

Management of Companies and Enterprises

Agriculture, Forestry, Fishing and Hunting

Other Services (except Public Administration)

Professional, Scientific, and Technical Services

Administrative and Support and Waste Management and Remediation Services

Focus on What Matters

See everything.Identify true risk.Proactively mitigate threats.Book a Demo

Let's talk!