{"data":{"id":"5d31a518-098a-45b2-be56-1396e477895a","title":"GHSA-6vh2-h83c-9294: PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code","summary":"The `execute_code()` function in PraisonAI uses a sandbox to restrict what Python code can do, but attackers can bypass all three security layers by creating a custom `str` subclass (a modified version of the string type) with an overridden `startswith()` method, allowing them to run arbitrary OS commands on the host system. This is especially dangerous because many deployments auto-approve code execution without human review, so an attacker could trigger the vulnerability silently through indirect prompt injection (sneaking malicious instructions into the AI's input).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-6vh2-h83c-9294","publishedAt":"2026-04-01T23:17:48.000Z","cveId":"CVE-2026-34938","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["praisonaiagents@<= 1.5.89 (fixed: 1.5.90)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-01T23:17:48.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}