PT-2026-57439 · Praisonai · Praisonai

Anushkavirgaonkar

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-61445

CVSS v3.1

9.9

Critical

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.78
Description The AICoder component contains flaws allowing arbitrary file write and command execution. These issues result from missing path validation and inadequate command sanitization during Large Language Model (LLM) tool calls. An attacker can use the chat interface to inject malicious prompts, enabling them to write files to any location on the filesystem and execute shell commands with root privileges.
Recommendations Update PraisonAI to version 4.6.78.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61445
GHSA-9MP3-24CC-77MG

Affected Products

Praisonai