PT-2026-57440 · Praisonai · Praisonai

Anushkavirgaonkar

·

Published

2026-07-11

·

Updated

2026-07-12

·

CVE-2026-61447

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.78
Description A remote code execution issue exists in the CodeAgent. execute python() function. The software executes Python code generated by a Large Language Model (LLM) without employing Abstract Syntax Tree (AST) validation, import restrictions, or sandbox enforcement. An attacker can use prompt injection to influence the LLM output, allowing them to execute arbitrary code on the host system and exfiltrate environment secrets. This can lead to a full system compromise, including the loss of database access and environment variables, without requiring authentication or user interaction.
Recommendations Update PraisonAI to version 1.6.78.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61447

Affected Products

Praisonai