PT-2026-60142 · Mervinpraison · Praisonai
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-61443
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.run skill script() that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended working directory.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Praisonai