CVE-2026-40153
Environment Variable Expansion Flaw in PraisonAIAgents Enables Secret Exfiltration
Publication date: 2026-04-09
Last updated on: 2026-04-20
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| praison | praisonaiagents | to 1.5.128 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-526 | The product uses an environment variable to store unencrypted sensitive information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in PraisonAIAgents, a multi-agent teams system, specifically in versions prior to 1.5.128. The execute_command function in shell_tools.py improperly uses os.path.expandvars() on every command argument, manually re-implementing shell-level environment variable expansion even though the command is executed with shell=False for security reasons. This causes environment variables to be expanded unexpectedly.
Because of this, secrets stored in environment variables such as database credentials, API keys, and cloud access keys can be exfiltrated. Additionally, the approval system shows the unexpanded variable references (like $VAR) to human reviewers, which is deceptive because the command that actually runs has those variables expanded, potentially hiding malicious intent.
This vulnerability was fixed in version 1.5.128.
How can this vulnerability impact me? :
This vulnerability can lead to the exfiltration of sensitive secrets stored in environment variables, including database credentials, API keys, and cloud access keys.
Because the approval system displays unexpanded variable references, human reviewers may be deceived into approving commands that execute differently than they appear, potentially allowing unauthorized access or actions.
The impact is significant confidentiality loss (CVSS confidentiality impact is high), but it does not affect integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade PraisonAIAgents to version 1.5.128 or later, where the issue with execute_command in shell_tools.py has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows exfiltration of secrets stored in environment variables, such as database credentials, API keys, and cloud access keys. Such unauthorized disclosure of sensitive information can lead to violations of data protection and security requirements mandated by common standards and regulations like GDPR and HIPAA.
Specifically, the deceptive approval system that displays unexpanded environment variable references to human reviewers means that sensitive data could be exposed without proper oversight, increasing the risk of non-compliance with confidentiality and data integrity obligations.
Therefore, organizations using vulnerable versions of PraisonAIAgents prior to 1.5.128 may face compliance risks related to the protection of sensitive information under these regulations.