What is the CVSS score of CVE-2026-40153?

CVE-2026-40153 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of PraisonAIAgents are affected by CVE-2026-40153?

PraisonAIAgents versions below 1.5.128 contain a critical secret exfiltration vulnerability where environment variables containing sensitive credentials (API keys, database passwords, cloud access…. A patch is available.

PraisonAIAgents CVE-2026-40153

EUVD-2026-21176 HIGH

Cleartext Storage of Sensitive Information in an Environment Variable (CWE-526)

2026-04-09 GitHub_M

GHSA-v8g7-9q6v-p3x8

Information Disclosure

7.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 20:07 vuln.today

cvss_changed

Patch released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21176

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

CVE Published

Apr 09, 2026 - 21:27 nvd

HIGH 7.4

DescriptionNVD

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This allows exfiltration of secrets stored in environment variables (database credentials, API keys, cloud access keys). The approval system displays the unexpanded $VAR references to human reviewers, creating a deceptive approval where the displayed command differs from what actually executes. This vulnerability is fixed in 1.5.128.

AnalysisAI

Environment variable exfiltration in PraisonAIAgents versions prior to 1.5.128 allows unauthenticated remote attackers to steal secrets (database credentials, API keys, cloud access keys) through shell_tools.py execute_command function. The vulnerability leverages deceptive command approval where unexpanded $VAR references shown to human reviewers differ from executed commands containing expanded environment variable values. …

RemediationAI

Within 24 hours: Identify all systems running PraisonAIAgents and document current versions via dependency scanning and asset inventory. Within 7 days: If version 1.5.128 or later is available, upgrade all PraisonAIAgents instances to version 1.5.128 minimum; if unavailable, disable shell_tools.py execute_command functionality or isolate affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-40153 vulnerability details – vuln.today

Back

PraisonAIAgents CVE-2026-40153

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code