Cyber Resilience

CVE-2026-41497

CriticalPublic PoCRCE

Published: 08 May 2026

Published
08 May 2026
Modified
08 May 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0054 41.5th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-41497 is a critical-severity Command Injection (CWE-77) vulnerability in Praison Praisonai. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 41.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing arbitrary executables like bash, python, or /bin/sh with inline code execution…

more

flags to pass through to subprocess execution. This issue has been patched in version 4.6.9.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

Direct OS command injection (CWE-78) in parse_mcp_command() permits arbitrary Unix shell interpreters (bash, /bin/sh, python) with inline code to reach subprocess execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40088Same product: Praison Praisonai
CVE-2026-34935Same product: Praison Praisonai
CVE-2026-34955Same product: Praison Praisonai
CVE-2026-40116Same product: Praison Praisonai
CVE-2026-40149Same product: Praison Praisonai
CVE-2026-44336Same product: Praison Praisonai
CVE-2026-34953Same product: Praison Praisonai
CVE-2026-39891Same product: Praison Praisonai
CVE-2026-34936Same product: Praison Praisonai
CVE-2026-40315Same product: Praison Praisonai

Affected Assets

praison
praisonai
≤ 4.6.9

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References