{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40113/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2026-40113"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI"],"_cs_severities":["high"],"_cs_tags":["cve-2026-40113","cloud","environment variable injection","privilege escalation"],"_cs_type":"advisory","_cs_vendors":["PraisonAI"],"content_html":"\u003cp\u003ePraisonAI, a multi-agent teams system, contains a vulnerability in versions prior to 4.5.128 that allows for arbitrary environment variable injection into Google Cloud Run deployments. The vulnerability, identified as CVE-2026-40113, stems from the \u003ccode\u003edeploy.py\u003c/code\u003e script's construction of the \u003ccode\u003e--set-env-vars\u003c/code\u003e argument for the \u003ccode\u003egcloud run deploy\u003c/code\u003e command. Specifically, the script directly interpolates the \u003ccode\u003eopenai_model\u003c/code\u003e, \u003ccode\u003eopenai_key\u003c/code\u003e, and \u003ccode\u003eopenai_base\u003c/code\u003e variables into a comma-delimited string without validating for the presence of commas within these values. Since \u003ccode\u003egcloud\u003c/code\u003e uses commas as key-value pair separators, a comma within any of these values allows an attacker to inject arbitrary environment variables into the deployed Cloud Run service, leading to potential privilege escalation. This vulnerability poses a significant risk to organizations using vulnerable versions of PraisonAI, allowing attackers to potentially modify application behavior or gain unauthorized access to sensitive resources.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a PraisonAI instance running a version prior to 4.5.128.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious payload containing a comma within the \u003ccode\u003eopenai_model\u003c/code\u003e, \u003ccode\u003eopenai_key\u003c/code\u003e, or \u003ccode\u003eopenai_base\u003c/code\u003e parameters. For example, setting \u003ccode\u003eopenai_model\u003c/code\u003e to \u003ccode\u003emodel,MALICIOUS_VAR=evil\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the \u003ccode\u003edeploy.py\u003c/code\u003e script, passing the crafted payload to the \u003ccode\u003egcloud run deploy --set-env-vars\u003c/code\u003e command.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egcloud\u003c/code\u003e interprets the comma in the injected value as a separator, parsing the trailing text as additional key-value pairs.\u003c/li\u003e\n\u003cli\u003eArbitrary environment variables, as specified in the malicious payload, are injected into the Cloud Run service during deployment.\u003c/li\u003e\n\u003cli\u003eThe Cloud Run service is deployed with the injected environment variables.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the injected environment variables to escalate privileges within the application or gain unauthorized access to resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40113 allows attackers to inject arbitrary environment variables into a deployed Cloud Run service running PraisonAI. This can lead to privilege escalation, unauthorized access to sensitive data, and modification of application behavior. While the exact number of vulnerable PraisonAI instances is unknown, the potential impact includes compromised cloud infrastructure and data breaches, especially for organizations that rely on PraisonAI for critical business functions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PraisonAI to version 4.5.128 or later to remediate CVE-2026-40113.\u003c/li\u003e\n\u003cli\u003eImplement input validation on \u003ccode\u003eopenai_model\u003c/code\u003e, \u003ccode\u003eopenai_key\u003c/code\u003e, and \u003ccode\u003eopenai_base\u003c/code\u003e parameters within the \u003ccode\u003edeploy.py\u003c/code\u003e script or similar deployment scripts to prevent comma injection, mitigating the vulnerability even in older versions.\u003c/li\u003e\n\u003cli\u003eMonitor Google Cloud Run deployments for unexpected environment variables using cloud audit logs (service: \u0026quot;cloudtrail\u0026quot;) and implement the Sigma rule \u003ccode\u003eDetect Suspicious Google Cloud Run Environment Variable Injection\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eReview existing Cloud Run deployments for potentially malicious environment variables and revert to a clean state.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-praisonai-env-injection/","summary":"PraisonAI versions before 4.5.128 are vulnerable to arbitrary environment variable injection in Google Cloud Run deployments due to insufficient input validation when constructing the `--set-env-vars` argument, potentially leading to privilege escalation.","title":"PraisonAI Cloud Run Environment Variable Injection Vulnerability (CVE-2026-40113)","url":"https://feed.craftedsignal.io/briefs/2024-01-praisonai-env-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Cve-2026-40113","version":"https://jsonfeed.org/version/1.1"}