What is the CVSS score of CVE-2026-40153?

CVE-2026-40153 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Praisonaiagents are affected by CVE-2026-40153?

PraisonAIAgents versions below 1.5.128 contain a critical secret exfiltration vulnerability where environment variables containing sensitive credentials (API keys, database passwords, cloud access…. A patch is available.

How to fix or mitigate CVE-2026-40153?

Within 24 hours: Identify all systems running PraisonAIAgents and document current versions via dependency scanning and asset inventory. Within 7 days: If version 1.5.128 or later is available, upgrade all PraisonAIAgents instances to version 1.5.128 minimum; if unavailable, disable shell_tools.py execute_command functionality or isolate affected systems. Within 30 days: Conduct credential rotation for all API keys, database passwords, and cloud access keys that may have been accessible to PraisonAIAgents processes; implement environment variable access logging and review execution audit trails for suspicious command patterns.

Praisonaiagents CVE-2026-40153

EUVD-2026-21176 HIGH

Cleartext Storage of Sensitive Information in an Environment Variable (CWE-526)

2026-04-09 GitHub_M

GHSA-v8g7-9q6v-p3x8

Information Disclosure Praisonaiagents

7.4

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.4 HIGH

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 20:07 vuln.today

cvss_changed

Patch released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21176

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

CVE Published

Apr 09, 2026 - 21:27 nvd

HIGH 7.4

DescriptionGitHub Advisory

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This allows exfiltration of secrets stored in environment variables (database credentials, API keys, cloud access keys). The approval system displays the unexpanded $VAR references to human reviewers, creating a deceptive approval where the displayed command differs from what actually executes. This vulnerability is fixed in 1.5.128.

AnalysisAI

Environment variable exfiltration in PraisonAIAgents versions prior to 1.5.128 allows unauthenticated remote attackers to steal secrets (database credentials, API keys, cloud access keys) through shell_tools.py execute_command function. The vulnerability leverages deceptive command approval where unexpanded $VAR references shown to human reviewers differ from executed commands containing expanded environment variable values. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft command with environment variable references

Delivery

Submit to approval system

Exploit

Reviewer approves unexpanded $VAR syntax

Execution

execute_command expands variables

Impact

Exfiltrate secrets in environment

Access

Craft command with environment variable references

Delivery

Submit to approval system

Exploit

Reviewer approves unexpanded $VAR syntax

Execution

execute_command expands variables

Impact

Exfiltrate secrets in environment

Vulnerability AssessmentAI

Exploitation	The victim must be a human reviewer in PraisonAIAgents (prior to 1.5.128) who approves a crafted command containing $VAR environment variable references. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Network-exploitable without authentication; requires user interaction (UI:R) to approve deceptive commands. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker crafts PraisonAIAgents prompt containing obfuscated $VAR references (e.g., `cat $DATABASE_PASSWORD`). Approval interface displays benign-looking command; human reviewer approves. …
Remediation	Vendor-released patch: upgrade PraisonAIAgents to version 1.5.128 immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running PraisonAIAgents and document current versions via dependency scanning and asset inventory. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-40153 vulnerability details – vuln.today

Back

Praisonaiagents CVE-2026-40153

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code