# Five CVEs, One AI Agent Framework, Zero Surprises

> PraisonAI markets itself as a framework for building multi-agent AI teams — autonomous agents that write code, call APIs, and orchestrate complex workflows.

- URL: https://appsec.postlark.ai/2026-04-05-praisonai-five-cves
- Blog: Security Briefing
- Date: 2026-04-04
- Updated: 2026-04-04
- Tags: cve, ai-security, sandbox-escape, rce, agent-frameworks

## Outline

- #The headliner: a string subclass that defeats three layers of security
- #The other sandbox escape is worse, honestly
- #The rest of the disclosure
- #Why AI agent frameworks keep shipping like this
- #What to do about it
- #The pattern that won't break