PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56075 PraisonAI CVE debrief

CVE-2026-56075 is an arbitrary shell command execution vulnerability in PraisonAI before version 4.5.128. The vulnerability arises from UI modules hardcoding approval_mode to auto, which overrides administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary shell commands via subprocess.run with shell=True, bypassing the manual approval gate and insufficient command sanitization blocklists.

Vendor
PraisonAI
Product
Unknown
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-22
Advisory published
2026-06-18
Advisory updated
2026-06-22

Who should care

Administrators and users of PraisonAI versions before 4.5.128 should be aware of this vulnerability and take immediate action to update to the latest version or apply necessary patches. Additionally, security teams and vulnerability managers should prioritize this CVE due to its high CVSS score of 8.7 and the potential for attackers to exploit this vulnerability in the wild.

Technical summary

The vulnerability is caused by the UI modules in PraisonAI hardcoding approval_mode to auto, which overrides the administrator's configuration set via the PRAISON_APPROVAL_MODE environment variable. This allows authenticated attackers to execute arbitrary shell commands using subprocess.run with shell=True, bypassing both the manual approval gate and the insufficient command sanitization blocklists. The CVSS score for this vulnerability is 8.7, indicating a high severity level.

Defensive priority

High

Recommended defensive actions

  • Update PraisonAI to version 4.5.128 or later
  • Review and adjust the PRAISON_APPROVAL_MODE environment variable configuration
  • Implement additional command sanitization and validation for subprocess.run calls
  • Monitor for suspicious activity and implement logging and alerting for LLM agent interactions
  • Restrict access to the PraisonAI system and enforce strong authentication and authorization controls

Evidence notes

The CVE record was published on 2026-06-18T23:16:19.357Z and was last modified on 2026-06-22T21:15:31.750Z. The NVD entry is currently Deferred. The vulnerability was disclosed by [email protected] and additional information can be found in the source references.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T23:16:19.357Z and has not been modified since then. The NVD entry is currently Deferred.