PT-2026-60133 · Mervinpraison · Praisonai

Lhmisme420

·

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-60085

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked commands, blocked paths, blocked imports, allow subprocess, and allow file write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-60085

Affected Products

Praisonai