CVE-2026-40113

HIGH
Published April 9, 2026

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.

Severity & Risk

CVSS 3.1: 8.4 / 10
EPSS: N/A
Exploitation Status: No known exploitation
Sophistication: N/A

Attack Surface

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): None

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Frequently Asked Questions

What is CVE-2026-40113?

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.

Is CVE-2026-40113 actively exploited?

No confirmed active exploitation of CVE-2026-40113 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-40113?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-40113?

CVE-2026-40113 has a CVSS v3.1 base score of 8.4 (HIGH).

Technical Details

NVD Description

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for --set-env-vars. A comma in any of the three values causes gcloud to parse the trailing text as additional KEY=VALUE definitions, injecting arbitrary environment variables into the deployed Cloud Run service. This vulnerability is fixed in 4.5.128.
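How the comma-separator injection works and one way a deploy.py-style builder can avoid it, as an added example that is not PraisonAI's code: the flawed comma-joined builder, an approximate model of how gcloud splits a --set-env-vars list, and a hardened builder that validates names and uses gcloud's documented ^DELIM^ escaping (see `gcloud topic escaping`). Variable names and the sample values are assumptions constructed for the example.

```python
import re

# Constructed sample input (not from the advisory): the API base value carries
# commas, which is the ingredient the advisory describes.
SAFE_ENV = {
    "OPENAI_MODEL": "gpt-4o",
    "OPENAI_API_KEY": "sk-EXAMPLE",
    "OPENAI_API_BASE": "https://api.example.com/v1",
}
TAINTED_ENV = dict(SAFE_ENV, OPENAI_API_BASE="https://api.example.com/v1,DEBUG=1,PATH=/tmp")

KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_env_arg_vulnerable(env):
    """The flawed pattern: values dropped into one comma-joined KEY=VALUE string."""
    return ",".join(f"{k}={v}" for k, v in env.items())


def parse_like_gcloud(arg):
    """Approximation (written for this example, not gcloud's own code) of how gcloud
    splits a --set-env-vars list: a leading ^DELIM^ selects the separator,
    otherwise the separator is a comma; each item is split on its first '='."""
    m = re.match(r"\^([^^]+)\^", arg)
    delim, body = (m.group(1), arg[m.end():]) if m else (",", arg)
    return dict(item.split("=", 1) for item in body.split(delim) if item)


def build_env_arg_hardened(env):
    """Validate names, then serialise with a delimiter that occurs in no key or
    value, announced via gcloud's ^DELIM^ prefix so commas in values stay literal."""
    for k, v in env.items():
        if not KEY_RE.match(k):
            raise ValueError(f"invalid env var name: {k!r}")
        if "\n" in v or "\r" in v:
            raise ValueError(f"control characters in value for {k}")
    for delim in ("@", "|", "#", ";"):
        if not any(delim in s for s in (*env.keys(), *env.values())):
            return f"^{delim}^" + delim.join(f"{k}={v}" for k, v in env.items())
    raise ValueError("no collision-free delimiter available; refuse to deploy")


if __name__ == "__main__":
    # Vulnerable: DEBUG and PATH appear as extra variables; hardened: only the three intended keys.
    print(parse_like_gcloud(build_env_arg_vulnerable(TAINTED_ENV)))
    print(parse_like_gcloud(build_env_arg_hardened(TAINTED_ENV)))
```

Rejecting any value containing a comma outright is the simpler alternative when the deploy script never legitimately needs one.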

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Timeline

Published: April 9, 2026
Last Modified: April 9, 2026
First Seen: April 9, 2026