PraisonAI, a widely used multi-agent AI system, is vulnerable to arbitrary command and code execution through unvalidated YAML workflow files. The workflow engine executes shell commands and Python code from loaded YAML files without any sandboxing, validation, or user confirmation. An attacker able to supply a malicious YAML file can achieve full code execution on the host system.
Remediation
Upgrade PraisonAI to version 4.5.139 or later and praisonaiagents to version 1.5.140 or later immediately. Until the upgrade is in place, do not load YAML workflow files from untrusted or shared sources. Audit existing workflows for malicious content to rule out prior compromise.
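One way to verify the upgrade step, as an added example that is not part of the advisory or of PraisonAI itself: it checks the current Python environment and requirements-style pin files against the fixed versions stated above. The helper names are hypothetical, and it assumes the PyPI distribution names match the package names given on this page.

```python
import re
from importlib import metadata

# First fixed releases, as stated in the advisory above.
FIXED = {"praisonai": (4, 5, 139), "praisonaiagents": (1, 5, 140)}

def canonical(name):
    """Normalize a distribution name the way PyPI does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(text):
    """Sortable key: numeric release, then 0 for a/b/rc/dev pre-releases, 1 otherwise."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))
    pre = re.match(r"[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)", m.group(2), re.I)
    return (release, 0 if pre else 1)

def status(name, version):
    """Return 'fixed', 'vulnerable', or 'unrelated' for one package/version pair."""
    fixed = FIXED.get(canonical(name))
    if fixed is None:
        return "unrelated"
    return "fixed" if version_key(version) >= (fixed, 1) else "vulnerable"

def scan_requirements(text):
    """Return (name, spec, verdict) for tracked packages in requirements-style text."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*(.*)", line)
        if not m or canonical(m.group(1)) not in FIXED:
            continue
        name, spec = m.group(1), m.group(2).replace(" ", "")
        pin = re.fullmatch(r"==([^,*]+)", spec)
        # Anything other than an exact pin can still resolve to an old release.
        findings.append((name, spec, status(name, pin.group(1)) if pin else "unpinned"))
    return findings

def installed_report():
    """Check the distributions installed in the current environment."""
    report = {}
    for name in FIXED:
        try:
            report[name] = status(name, metadata.version(name))
        except metadata.PackageNotFoundError:
            report[name] = "not installed"
    return report

if __name__ == "__main__":
    print(installed_report())
```

Run it inside each virtual environment or container image that loads workflows, and pass the contents of each requirements file to `scan_requirements`; an `unpinned` verdict means the resolver decides the version, so confirm it from the lock file or the installed environment.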