Vulnerability Details CVE-2026-34935
PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_process() with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. This issue has been patched in version 4.5.69.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.3%
CVSS Severity
CVSS v3 Score 9.8
References