PT-2026-57439 · Praisonai · Praisonai
Anushkavirgaonkar
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-61445
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PraisonAI versions prior to 4.6.78
Description
The AICoder component contains flaws allowing arbitrary file write and command execution. These issues result from missing path validation and inadequate command sanitization during Large Language Model (LLM) tool calls. An attacker can use the chat interface to inject malicious prompts, enabling them to write files to any location on the filesystem and execute shell commands with root privileges.
Recommendations
Update PraisonAI to version 4.6.78.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Praisonai