Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.
Published: 2026-04-09
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

PraisonAI before version 4.5.128 constructs a gcloud run deploy command by concatenating three inputs (openai_model, openai_key, and openai_base) into a single comma-delimited string. Because the command does not validate that these values lack commas, any comma in one of the values causes gcloud to split the string and treat the trailing text as additional key=value pairs. This results in arbitrary environment variables being injected into the deployed Cloud Run service, potentially allowing an attacker to manipulate configuration or execute malicious code, which is a remote code execution vulnerability.

Affected Systems

The flaw affects deployments of PraisonAI managed by MervinPraison that use the deploy.py script in versions earlier than 4.5.128. No other vendors or products are listed as affected.

Risk and Exploitability

The CVSS score of 8.4 indicates high severity. Exploitation requires the ability to supply openai_model, openai_key, or openai_base during deployment, and the vulnerability is not included in CISA's Known Exploited Vulnerabilities catalog. The attack vector is the deployment phase and depends on unsanitized input to gcloud; no publicly documented exploits are cited in the CVE data. EPSS information is unavailable.

Generated by OpenCVE AI on April 10, 2026 at 00:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PraisonAI to version 4.5.128 or newer.
  • If an immediate upgrade is not possible, modify deploy.py to reject or escape commas in openai_model, openai_key, or openai_base before building the --set-env-vars string.
  • Verify that no other deployment scripts concatenate user input into gcloud commands without proper sanitization.
  • After applying the fix, monitor Cloud Run logs for unexpected environment variable changes.
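As an added example (not PraisonAI's deploy.py), the check the second recommendation describes, in Python: a model of gcloud's default comma splitting that reports which extra KEY=VALUE pairs an unvalidated build would hand to Cloud Run, beside a hardened builder that refuses any value containing the separator. The environment variable names and sample values are constructed assumptions, not the project's.

```python
import re

# Constructed sample inputs; the env var names are an assumption, not
# PraisonAI's. The hostile value carries the comma gcloud reads as a separator.
CLEAN_INPUTS = {"OPENAI_MODEL": "gpt-4o-mini", "OPENAI_API_KEY": "sk-constructed-example",
                "OPENAI_API_BASE": "https://api.openai.com/v1"}
HOSTILE_INPUTS = dict(CLEAN_INPUTS, OPENAI_API_BASE="https://api.openai.com/v1,INJECTED=1")
ENV_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def gcloud_split(set_env_vars: str) -> list:
    """Model gcloud's default parsing of --set-env-vars: split on ',' into
    items, then each item on its first '=' (assumes the default delimiter)."""
    return [item.split("=", 1) for item in set_env_vars.split(",")]


def build_unvalidated(values: dict) -> str:
    """Shape of the pre-4.5.128 construction: plain interpolation, no checks."""
    return ",".join(f"{key}={value}" for key, value in values.items())


def unexpected_pairs(values: dict) -> list:
    """Keys gcloud would see beyond the intended ones, i.e. the variables an
    unvalidated build lets the caller inject. Usable as a pre-deploy check."""
    parsed = gcloud_split(build_unvalidated(values))
    return [pair[0] for pair in parsed if pair[0] not in values]


def build_set_env_vars(values: dict) -> str:
    """Hardened builder: reject malformed names and any value containing the
    pair separator, so the string can never expand into extra KEY=VALUE pairs."""
    for key, value in values.items():
        if not ENV_NAME_RE.match(key):
            raise ValueError(f"invalid environment variable name: {key!r}")
        if "," in value:
            raise ValueError(f"{key}: value must not contain ','")
    return ",".join(f"{key}={value}" for key, value in values.items())


def rejects(values: dict) -> bool:
    """True when the hardened builder refuses the inputs."""
    try:
        build_set_env_vars(values)
    except ValueError:
        return True
    return False


def deploy_argv(service: str, image: str, values: dict) -> list:
    """argv for subprocess.run(): a list, so no shell re-parses it, and the
    env string comes only from the validating builder."""
    return ["gcloud", "run", "deploy", service, "--image", image,
            "--set-env-vars", build_set_env_vars(values)]
```

If a value legitimately needs a comma, gcloud's documented alternative-delimiter syntax (for example `--set-env-vars '^:^KEY=a,b:KEY2=c'`) is the escaping route; the validation must then reject the chosen delimiter instead.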



Advisories
Source: GitHub GHSA
ID: GHSA-fvxx-ggmx-3cjg
Title: PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
History

Fri, 17 Apr 2026 19:45:00 +0000

Values Added:
  First Time appeared: Praison; Praison praisonai
  CPEs: cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*
  Vendors & Products: Praison; Praison praisonai

Fri, 10 Apr 2026 19:15:00 +0000

Values Added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:00:00 +0000

Values Added:
  First Time appeared: Mervinpraison; Mervinpraison praisonai
  Vendors & Products: Mervinpraison; Mervinpraison praisonai

Thu, 09 Apr 2026 21:45:00 +0000

Values Added:
  Description: PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.
  Title: PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
  Weaknesses: CWE-88
  References:
  Metrics (cvssV3_1): {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-10T18:13:14.057Z

Reserved: 2026-04-09T01:41:38.537Z

Link: CVE-2026-40113

Vulnrichment

Updated: 2026-04-10T18:13:08.544Z

NVD

Status : Analyzed

Published: 2026-04-09T22:16:34.853

Modified: 2026-04-17T19:35:27.690

Link: CVE-2026-40113

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:28:58Z

Weaknesses