Summary
PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
References
Related vulnerabilities
- CRITICAL GHSA-4H5R-5JM8-JXJM: gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)
- HIGH GHSA-5CJ2-3JR2-5H77: OpenClaw: Shell positional parameters could weaken strict inline-eval checks
- LOW GHSA-CWPP-5962-Q4F6: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
- HIGH GHSA-FQ4X-789W-JG5H: AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)
- HIGH GHSA-JXCW-QP4H-6JFQ: PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
- HIGH GHSA-7QW2-W5RC-37X2: PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml