<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-40113 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-40113/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 02 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-40113/feed.xml" rel="self" type="application/rss+xml"/><item><title>PraisonAI Cloud Run Environment Variable Injection Vulnerability (CVE-2026-40113)</title><link>https://feed.craftedsignal.io/briefs/2024-01-praisonai-env-injection/</link><pubDate>Tue, 02 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-praisonai-env-injection/</guid><description>PraisonAI versions before 4.5.128 are vulnerable to arbitrary environment variable injection in Google Cloud Run deployments due to insufficient input validation when constructing the `--set-env-vars` argument, potentially leading to privilege escalation.</description><content:encoded><![CDATA[<p>PraisonAI, a multi-agent teams system, contains a vulnerability in versions prior to 4.5.128 that allows for arbitrary environment variable injection into Google Cloud Run deployments. The vulnerability, identified as CVE-2026-40113, stems from the <code>deploy.py</code> script's construction of the <code>--set-env-vars</code> argument for the <code>gcloud run deploy</code> command. Specifically, the script directly interpolates the <code>openai_model</code>, <code>openai_key</code>, and <code>openai_base</code> variables into a comma-delimited string without validating for the presence of commas within these values. Since <code>gcloud</code> uses commas as key-value pair separators, a comma within any of these values allows an attacker to inject arbitrary environment variables into the deployed Cloud Run service, leading to potential privilege escalation. This vulnerability poses a significant risk to organizations using vulnerable versions of PraisonAI, allowing attackers to potentially modify application behavior or gain unauthorized access to sensitive resources.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies a PraisonAI instance running a version prior to 4.5.128.</li>
<li>The attacker crafts a malicious payload containing a comma within the <code>openai_model</code>, <code>openai_key</code>, or <code>openai_base</code> parameters. For example, setting <code>openai_model</code> to <code>model,MALICIOUS_VAR=evil</code></li>
<li>The attacker triggers the <code>deploy.py</code> script, passing the crafted payload to the <code>gcloud run deploy --set-env-vars</code> command.</li>
<li><code>gcloud</code> interprets the comma in the injected value as a separator, parsing the trailing text as additional key-value pairs.</li>
<li>Arbitrary environment variables, as specified in the malicious payload, are injected into the Cloud Run service during deployment.</li>
<li>The Cloud Run service is deployed with the injected environment variables.</li>
<li>The attacker leverages the injected environment variables to escalate privileges within the application or gain unauthorized access to resources.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-40113 allows attackers to inject arbitrary environment variables into a deployed Cloud Run service running PraisonAI. This can lead to privilege escalation, unauthorized access to sensitive data, and modification of application behavior. While the exact number of vulnerable PraisonAI instances is unknown, the potential impact includes compromised cloud infrastructure and data breaches, especially for organizations that rely on PraisonAI for critical business functions.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade PraisonAI to version 4.5.128 or later to remediate CVE-2026-40113.</li>
<li>Implement input validation on <code>openai_model</code>, <code>openai_key</code>, and <code>openai_base</code> parameters within the <code>deploy.py</code> script or similar deployment scripts to prevent comma injection, mitigating the vulnerability even in older versions.</li>
<li>Monitor Google Cloud Run deployments for unexpected environment variables using cloud audit logs (service: &quot;cloudtrail&quot;) and implement the Sigma rule <code>Detect Suspicious Google Cloud Run Environment Variable Injection</code>.</li>
<li>Review existing Cloud Run deployments for potentially malicious environment variables and revert to a clean state.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>cve-2026-40113</category><category>cloud</category><category>environment variable injection</category><category>privilege escalation</category></item></channel></rss>