{"data":{"id":"5338efe5-1566-45a8-8eb4-2e6ba2a3c5b0","title":"CVE-2026-40111: PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a us","summary":"PraisonAIAgents (a system for running multiple AI agents as teams) has a critical vulnerability in versions before 1.5.128 where user-controlled commands are passed directly to subprocess.run() with shell=True (a function that executes system commands), allowing attackers to inject shell metacharacters (special characters like pipes and semicolons that the shell interprets as instructions) and run arbitrary code. An attacker who gains file-write access through prompt injection (tricking an AI by hiding malicious instructions in its input) can modify the .praisonai/hooks.json configuration file to execute malicious code automatically every time the agent runs.","solution":"Update PraisonAIAgents to version 1.5.128 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40111","publishedAt":"2026-04-09T22:16:34.560Z","cveId":"CVE-2026-40111","cweIds":["CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["prompt_injection","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAIAgents"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-09T22:16:34.560Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010","AML.T0051"]}}