The vulnerability arises from the use of string concatenation to construct a command for memory estimation, which is then executed using subprocess.run with shell=True. This approach does not properly sanitize input parameters, allowing an attacker to inject arbitrary OS commands. The vulnerability is particularly concerning because it can be exploited by manipulating the parameters passed to the prune_by_memory_estimation function, leading to the execution of unintended commands on the host system.

An attacker could exploit this vulnerability by crafting a malicious configuration that includes shell commands in the parameters for the prune_by_memory_estimation function. When this function is called, the injected commands are executed, potentially allowing the attacker to gain unauthorized access or perform malicious actions on the host system.

Users of PaddlePaddle version 2.6.0 who utilize the prune_by_memory_estimation function in the paddle.distributed.auto_tuner.prune module are affected by this vulnerability. The risk is particularly high for systems where untrusted users can influence the parameters passed to this function.