PatchSiren cyber security CVE debrief
CVE-2026-56075 PraisonAI CVE debrief
CVE-2026-56075 is an arbitrary shell command execution vulnerability in PraisonAI before version 4.5.128. The vulnerability arises from UI modules hardcoding approval_mode to auto, which overrides administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary shell commands via subprocess.run with shell=True, bypassing the manual approval gate and insufficient command sanitization blocklists.
- Vendor
- PraisonAI
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-18
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-18
- Advisory updated
- 2026-06-22
Who should care
Administrators and users of PraisonAI versions before 4.5.128 should be aware of this vulnerability and take immediate action to update to the latest version or apply necessary patches. Additionally, security teams and vulnerability managers should prioritize this CVE due to its high CVSS score of 8.7 and the potential for attackers to exploit this vulnerability in the wild.
Technical summary
The vulnerability is caused by the UI modules in PraisonAI hardcoding approval_mode to auto, which overrides the administrator's configuration set via the PRAISON_APPROVAL_MODE environment variable. This allows authenticated attackers to execute arbitrary shell commands using subprocess.run with shell=True, bypassing both the manual approval gate and the insufficient command sanitization blocklists. The CVSS score for this vulnerability is 8.7, indicating a high severity level.
Defensive priority
High
Recommended defensive actions
- Update PraisonAI to version 4.5.128 or later
- Review and adjust the PRAISON_APPROVAL_MODE environment variable configuration
- Implement additional command sanitization and validation for subprocess.run calls
- Monitor for suspicious activity and implement logging and alerting for LLM agent interactions
- Restrict access to the PraisonAI system and enforce strong authentication and authorization controls
Evidence notes
The CVE record was published on 2026-06-18T23:16:19.357Z and was last modified on 2026-06-22T21:15:31.750Z. The NVD entry is currently Deferred. The vulnerability was disclosed by [email protected] and additional information can be found in the source references.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T23:16:19.357Z and has not been modified since then. The NVD entry is currently Deferred.