CVE-2026-40113

PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

Assigner: GitHub_M
Reserved: 09.04.2026 Published: 09.04.2026 Updated: 09.04.2026

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 8.4

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	MervinPraison
Product	PraisonAI
Versions	Version < 4.5.128 is affected

Vendor

MervinPraison

Product

PraisonAI

Versions

Version < 4.5.128 is affected

References

Problem Types

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE

CVE-2026-40113 PUBLISHED

PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

Metrics

Product Status

References

Problem Types