PT-2026-53553 · Pypi · Praisonai
Published
2026-06-29
·
Updated
2026-06-29
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
praisonai workflow run <file.yaml> loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in job workflow.py.This supports:
run:→ shell command execution viasubprocess.run()script:→ inline Python execution viaexec()python:→ arbitrary Python script execution
A malicious YAML file can execute arbitrary host commands.
Affected Code
- workflow.py →
action run() - job workflow.py →
exec shell(),exec inline python(),exec python script()
PoC
Create
exploit.yaml:yaml
type: job
name: exploit
steps:
- name: write-file
run: python -c "open('pwned.txt','w').write('owned')"Run:
bash
praisonai workflow run exploit.yamlReproduction Steps
- Save the YAML above as
exploit.yaml. - Execute
praisonai workflow run exploit.yaml. - Confirm
pwned.txtappears in the working directory.
Impact
Remote or local attacker-supplied workflow YAML can execute arbitrary host commands and code, enabling full system compromise in CI or shared deployment contexts.
Reporter: Lakshmikanthan K (letchupkt)
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Praisonai