An arbitrary shell command execution vulnerability in PraisonAI allows authenticated attackers to override security configurations and execute malicious commands.

The vulnerability exists because UI modules hardcode approval_mode to auto, bypassing intended administrator configurations. Authenticated attackers can leverage this to execute arbitrary shell commands via subprocess.run with shell=True, bypassing manual approval and insufficient sanitization.

With a CVSS score of 8.8, this flaw presents a critical risk of full system compromise. An authenticated attacker can execute arbitrary commands, potentially leading to data exfiltration, unauthorized modification of AI workflows, or total system takeover, resulting in significant operational disruption.

Immediate Action: Upgrade to PraisonAI version 4.5.128 or later immediately to resolve the command execution flaw.

Proactive Monitoring: Review application and system logs for suspicious execution patterns, particularly those involving subprocess calls or unauthorized shell command invocation.

Compensating Controls: Implement strict role-based access control (RBAC) to limit the number of users capable of interacting with the vulnerable UI modules.

Public Exploit Available: false

The ability to execute arbitrary shell commands represents a critical security failure. It is imperative that administrators update to the patched version, 4.5.128, as soon as possible to mitigate the risk of unauthorized remote command execution.