This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: A critical OS Command Injection flaw in PraisonAI. π **Consequences**: Attackers can execute arbitrary commands on the host system, leading to total server compromise, data theft, or ransomware deployment.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: **CWE-78** (OS Command Injection). The `--mcp` CLI parameter is passed directly to the OS shell without any validation, whitelisting, or sanitization. π« No input filtering is applied.
Q3Who is affected? (Versions/Components)
π₯ **Affected**: **PraisonAI** by Mervin Praison. π¦ **Versions**: 4.5.15 through 4.5.69 (prior to the fix). If you use this low-code multi-agent framework, you are at risk.
Q4What can hackers do? (Privileges/Data)
π **Attacker Capabilities**: Full **Remote Code Execution (RCE)**. ποΈ Privileges: Same as the user running PraisonAI.β¦
π **Self-Check**: 1. Check your PraisonAI version (`pip show praisonai`). 2. Look for usage of the `--mcp` flag in your CLI commands. 3. Scan for unvalidated shell arguments in your deployment scripts.
Q8Is it fixed officially? (Patch/Mitigation)
β **Fixed**: **Yes**. π οΈ **Patch**: Commit `47bff65413beaa3c21bf633c1fae4e684348368c` addresses the issue. Update to version **4.5.69 or later** immediately.
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: 1. **Disable** the `--mcp` CLI argument if not strictly needed. 2. **Isolate** the PraisonAI process in a container with minimal permissions. 3. **Restrict** network access to the service.
Q10Is it urgent? (Priority Suggestion)
π₯ **Urgency**: **CRITICAL**. β±οΈ **Priority**: **P1**. With CVSS 9.8 (High) and no auth required, this is an immediate patching priority. Do not wait for a PoC to appear.