PT-2026-53553 · Pypi · Praisonai

Publicado

2026-06-29

·

Atualizado

2026-06-29

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
praisonai workflow run <file.yaml> loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in job workflow.py.
This supports:
  • run: → shell command execution via subprocess.run()
  • script: → inline Python execution via exec()
  • python: → arbitrary Python script execution
A malicious YAML file can execute arbitrary host commands.

Affected Code

  • workflow.py → action run()
  • job workflow.py → exec shell(), exec inline python(), exec python script()

PoC

Create exploit.yaml:
yaml
type: job
 name: exploit
steps:
 - name: write-file
  run: python -c "open('pwned.txt','w').write('owned')"
Run:
bash
praisonai workflow run exploit.yaml

Reproduction Steps

  1. Save the YAML above as exploit.yaml.
  2. Execute praisonai workflow run exploit.yaml.
  3. Confirm pwned.txt appears in the working directory.

Impact

Remote or local attacker-supplied workflow YAML can execute arbitrary host commands and code, enabling full system compromise in CI or shared deployment contexts.
Reporter: Lakshmikanthan K (letchupkt)

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

PYSEC-2026-477

Produtos afetados

Praisonai