PraisonAI Multi-Agent Platform CVE-2026-34938 Rated CVSS 10.0 — Patch Immediately
Summary
A maximum-severity vulnerability (CVE-2026-34938, CVSS 10.0) in PraisonAI, an open-source multi-agent AI platform, allows unauthenticated remote code execution via the execute_code() function in praisonai-agents. All versions prior to 1.5.90 are affected. The flaw was published to NVD on April 4, 2026 and represents a critical risk to AI infrastructure deployments.
Threat Analysis
CVE-2026-34938 is a maximum-severity (CVSS 10.0) remote code execution vulnerability in PraisonAI, an open-source multi-agent AI teams system. The vulnerability exists in the execute_code() function within the praisonai-agents component, which runs attacker-controlled code without proper sandboxing or authentication controls. An unauthenticated remote attacker can exploit this flaw to execute arbitrary code on the server hosting PraisonAI, potentially gaining full system control. All versions of PraisonAI prior to 1.5.90 are affected. This vulnerability was published to the NVD on April 4, 2026.
The exploitation of AI platform vulnerabilities is an emerging trend, because these systems often have access to sensitive data and API keys and are deeply integrated into organizational infrastructure. The AI security landscape requires the same rigorous patching discipline applied to traditional software.
Organizations using PraisonAI should immediately update to version 1.5.90 or later, restrict network access to PraisonAI instances, implement authentication controls, and audit for signs of unauthorized access or unauthorized code execution.
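To find deployments still below the fixed version, the following added example (not code from the PraisonAI project or from this advisory's source) scans a requirements file or `pip freeze` output and classifies each pinned entry against 1.5.90. The package-name spellings in `WATCHED` and the sample manifest are assumptions constructed for illustration; adjust them to how the package appears in your environment.

```python
import re

FIXED = (1, 5, 90)  # first patched release, as stated in the advisory
# Assumption: spellings under which the package may appear in a manifest.
WATCHED = {"praisonai", "praisonai-agents", "praisonaiagents"}

LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?:==\s*([^\s;#]+))?")
VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")
PRERELEASE = re.compile(r"^[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)", re.I)

def normalize(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def status(version):
    """'vulnerable', 'patched' or 'unknown' for one pinned version string."""
    m = VERSION.match(version or "")
    if not m:
        return "unknown"  # unpinned, range specifier, or unparsable
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))  # '1.5' compares as 1.5.0
    if release < FIXED:
        return "vulnerable"
    # 1.5.90rc1 / 1.5.90.dev1 sort before the final 1.5.90 release
    if release == FIXED and PRERELEASE.match(m.group(2)):
        return "vulnerable"
    return "patched"

def audit(text):
    """Return (line_no, normalized_name, status) for every watched package."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if m and normalize(m.group(1)) in WATCHED:
            findings.append((no, normalize(m.group(1)), status(m.group(2))))
    return findings

# Constructed sample manifest, not taken from a real deployment.
SAMPLE = """\
requests==2.31.0
praisonaiagents==1.5.89
PraisonAI[ui]==1.5.90
praisonai_agents==1.5.90rc1
praisonai-agents>=1.4
"""

if __name__ == "__main__":
    for no, name, result in audit(SAMPLE):
        print(f"line {no}: {name} -> {result}")
```

Entries reported as `unknown` are not pinned to an exact version, so the installed version has to be confirmed on the host itself.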