CVE-2026-40288 | MervinPraison PraisonAI/praisonaiagents YAML File Parser job_workflow.py subprocess.run os command injection (GHSA-vc46-vw85-3wvm)

A vulnerability has been found in MervinPraison PraisonAI and praisonaiagents and classified as critical. This affects the function subprocess.run of the file job_workflow.py of the component YAML File Parser. The manipulation leads to os command injection.

This vulnerability is uniquely identified as CVE-2026-40288. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More