GHSA-2763-cj5r-c79m: PraisonAI Vulnerable to OS Command Injection
criticalvulnerabilityLLM-Specific
security
Source: GitHub Advisory DatabaseApril 8, 2026
Summary
PraisonAI has a critical vulnerability where the `execute_command` function and workflow shell execution pass user-controlled input directly to `subprocess.run()` with `shell=True`, allowing attackers to inject arbitrary shell commands through YAML workflow files, agent configurations, and LLM-generated tool calls by exploiting shell metacharacters like semicolons and pipes.
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
LangChain
Affected Packages
PraisonAI@< 4.5.121 (fixed: 4.5.121)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-2763-cj5r-c79m
First tracked: April 8, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%