PT-2026-60133 · Mervinpraison · Praisonai

Lhmisme420

·

Publicado

2026-07-15

·

Atualizado

2026-07-15

·

CVE-2026-60085

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked commands, blocked paths, blocked imports, allow subprocess, and allow file write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-60085

Produtos afetados

Praisonai