PT-2026-57194 · Mervinpraison · Praisonai

Nx7N

·

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-61437

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow. resolve pydantic class (src/praisonai-agents/praisonaiagents/workflows/workflows.py). When a workflow step uses a string output pydantic reference, the framework locates and imports a sibling tools.py from the workflow file's directory via importlib exec module without sandboxing, ignoring the PRAISONAI ALLOW * TOOLS environment variables. An attacker who controls a workflow file and its sibling tools.py can execute arbitrary Python code with the workflow runner's privileges when the workflow is executed via WorkflowManager or after load yaml.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61437

Affected Products

Praisonai