Is Command Injection affected by EUVD-2026-22209?

PraisonAI workflow engine versions below 4.5.139 and praisonaiagents below 1.5.140 contain a critical remote code execution vulnerability allowing unauthenticated attackers to execute arbitrary commands through malicious YAML files, creating immediate risk for any organization using these tools in…

EUVD-2026-22209

Q: How to fix EUVD-2026-22209?

Within 24 hours: Identify all systems running PraisonAI workflow engine <4.5.139 or praisonaiagents <1.5.140 (audit container registries, dependency manifests, and deployment configs). Within 7 days: Implement network segmentation to restrict workflow engine access to trusted sources only; disable or isolate affected instances pending remediation. Within 30 days: Upgrade PraisonAI workflow engine to version 4.5.139 or later and praisonaiagents to version 1.5.140 or later; validate YAML workflows for malicious directives before execution.

| CVE-2026-40288 CRITICAL

2026-04-14 GitHub_M

GHSA-vc46-vw85-3wvm

RCE Command Injection Python

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 15:37 vuln.today

cvss_changed

Analysis Generated

Apr 14, 2026 - 04:10 vuln.today

DescriptionNVD

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run <file.yaml> loads a YAML file with type: job, the JobWorkflowExecutor in job_workflow.py processes steps that support run: (shell commands via subprocess.run()), script: (inline Python via exec()), and python: (arbitrary Python script execution)-all without any validation, sandboxing, or user confirmation. The affected code paths include action_run() in workflow.py and _exec_shell(), _exec_inline_python(), and _exec_python_script() in job_workflow.py. An attacker who can supply or influence a workflow YAML file (particularly in CI pipelines, shared repositories, or multi-tenant deployment environments) can achieve full arbitrary command execution on the host system, compromising the machine and any accessible data or credentials. This issue has been fixed in versions 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents.

AnalysisAI

Arbitrary command and code execution in PraisonAI's workflow engine (versions <4.5.139) and praisonaiagents (<1.5.140) allows remote unauthenticated attackers to execute shell commands and Python code through malicious YAML workflow files. The vulnerability stems from unsafe processing of 'run:', 'script:', and 'python:' directives in job-type workflows without validation or sandboxing. …

RemediationAI

Within 24 hours: Identify all systems running PraisonAI workflow engine <4.5.139 or praisonaiagents <1.5.140 (audit container registries, dependency manifests, and deployment configs). Within 7 days: Implement network segmentation to restrict workflow engine access to trusted sources only; disable or isolate affected instances pending remediation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-22209 vulnerability details – vuln.today

Back

EUVD-2026-22209

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code