What is the CVSS score of EUVD-2026-21156?

EUVD-2026-21156 has a CVSS 3.1 base score of 8.4 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Praisonai are affected by EUVD-2026-21156?

PraisonAI versions before 4.5.128 contain an environment variable injection vulnerability in deployment scripts that allows authenticated users with local system access to inject malicious…. A patch is available.

How to fix or mitigate EUVD-2026-21156?

Within 24 hours: Identify all systems running PraisonAI versions prior to 4.5.128 and restrict local access to deployment scripts. Within 7 days: Rotate all OpenAI API keys and Google Cloud credentials that may have been exposed through deployment environments; audit Cloud Run service configuration for unauthorized environment variables. Within 30 days: Upgrade PraisonAI to version 4.5.128 or later once vendor patch is released and validated; implement principle-of-least-privilege access controls for deployment tooling.

Praisonai EUVD-2026-21156

| CVE-2026-40113 HIGH

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)

2026-04-09 GitHub_M

GHSA-fvxx-ggmx-3cjg

Code Injection Praisonai

8.4

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.4 HIGH

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 19:37 vuln.today

cvss_changed

Patch released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21156

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

CVE Published

Apr 09, 2026 - 21:17 nvd

HIGH 8.4

DescriptionGitHub Advisory

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.

AnalysisAI

Environment variable injection in PraisonAI deploy.py (versions prior to 4.5.128) allows authenticated local attackers to inject arbitrary environment variables into Google Cloud Run services during deployment. The vulnerability stems from improper validation of comma-separated gcloud CLI arguments, enabling attackers to manipulate openai_model, openai_key, or openai_base parameters with embedded commas, causing gcloud to parse injected content as additional KEY=VALUE pairs. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious OpenAI configuration with embedded commas

Exploit

deploy.py interpolates unvalidated values into gcloud command

Execution

gcloud parses injected KEY=VALUE pairs

Impact

arbitrary environment variables deployed to Cloud Run service