How to fix EUVD-2026-21152?

Within 24 hours: identify all systems running PraisonAIAgents versions prior to 1.5.128 using inventory tools and immediately isolate affected instances from production networks. Within 7 days: upgrade all PraisonAIAgents deployments to version 1.5.128 or later once vendor release is confirmed available. Within 30 days: audit all .praisonai/hooks.json files across deployed agents for suspicious pre_run_command/post_run_command entries, review agent prompt logs for injection attempts, and implement access controls restricting local filesystem modifications to hooks.json by non-administrative users.

EUVD-2026-21152

Q: Is Command Injection affected by EUVD-2026-21152?

PraisonAIAgents versions before 1.5.128 contain a critical command injection vulnerability in memory hooks that allows authenticated local attackers to execute arbitrary system commands, with persistent compromise possible through agent prompt injection attacks that modify lifecycle hooks.

| CVE-2026-40111 CRITICAL

2026-04-09 GitHub_M

GHSA-v7px-3835-7gjx

9.3

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch Released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21152

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

CVE Published

Apr 09, 2026 - 21:14 nvd

CRITICAL 9.3

Description

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run() with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell metacharacters are interpreted by /bin/sh before the intended command executes. Two independent attack surfaces exist. The first is via pre_run_command and post_run_command hook event types registered through the hooks configuration. The second and more severe surface is the .praisonai/hooks.json lifecycle configuration, where hooks registered for events such as BEFORE_TOOL and AFTER_TOOL fire automatically during agent operation. An agent that gains file-write access through prompt injection can overwrite .praisonai/hooks.json and have its payload execute silently at every subsequent lifecycle event without further user interaction. This vulnerability is fixed in 1.5.128.

Analysis

Command injection in PraisonAIAgents memory hooks executor allows authenticated local attackers to execute arbitrary shell commands through unsanitized user input passed to subprocess.run() with shell=True. Affects versions prior to 1.5.128. …

Remediation

Within 24 hours: identify all systems running PraisonAIAgents versions prior to 1.5.128 using inventory tools and immediately isolate affected instances from production networks. Within 7 days: upgrade all PraisonAIAgents deployments to version 1.5.128 or later once vendor release is confirmed available. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +46

POC: 0

EUVD-2026-21152 vulnerability details – vuln.today

Back

EUVD-2026-21152

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21152

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code