CVE-2026-40111: PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a us
Summary
PraisonAIAgents (a system for running multiple AI agents as teams) has a critical vulnerability in versions before 1.5.128 where user-controlled commands are passed directly to subprocess.run() with shell=True (a function that executes system commands), allowing attackers to inject shell metacharacters (special characters like pipes and semicolons that the shell interprets as instructions) and run arbitrary code. An attacker who gains file-write access through prompt injection (tricking an AI by hiding malicious instructions in its input) can modify the .praisonai/hooks.json configuration file to execute malicious code automatically every time the agent runs.
Solution / Mitigation
Update PraisonAIAgents to version 1.5.128 or later, where this vulnerability is fixed.
Vulnerability Details
EPSS: 0.0%
April 9, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-40111
First tracked: April 9, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 92%