GHSA-qf73-2hrx-xprp: PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
Summary
PraisonAI's `execute_code()` function has a critical sandbox escape vulnerability in its subprocess mode. The subprocess uses a blocklist of only 11 forbidden attributes, missing four key attributes (`__traceback__`, `tb_frame`, `f_back`, `f_builtins`) that attackers can chain together through exception handling to access the real Python builtins and execute arbitrary code, completely bypassing the sandbox.
Vulnerability Details
EPSS: 0.0%
Yes
April 8, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-qf73-2hrx-xprp
First tracked: April 8, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%