PT-2026-57440 · Praisonai · Praisonai
Anushkavirgaonkar
·
Published
2026-07-11
·
Updated
2026-07-12
·
CVE-2026-61447
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PraisonAI versions prior to 1.6.78
Description
A remote code execution issue exists in the
CodeAgent. execute python() function. The software executes Python code generated by a Large Language Model (LLM) without employing Abstract Syntax Tree (AST) validation, import restrictions, or sandbox enforcement. An attacker can use prompt injection to influence the LLM output, allowing them to execute arbitrary code on the host system and exfiltrate environment secrets. This can lead to a full system compromise, including the loss of database access and environment variables, without requiring authentication or user interaction.Recommendations
Update PraisonAI to version 1.6.78.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Praisonai