PT-2026-57194 · Mervinpraison · Praisonai
Nx7N
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-61437
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow. resolve pydantic class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string output pydantic reference, the framework locates and imports a sibling tools.py from the workflow file's directory via importlib exec module without sandboxing, ignoring the PRAISONAI ALLOW * TOOLS environment variables. An attacker who controls a workflow file and its sibling tools.py can execute arbitrary Python code with the workflow runner's privileges when the workflow is executed via WorkflowManager or after load yaml.
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Praisonai