PT-2026-60142 · Mervinpraison · Praisonai

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-61443

CVSS v3.1

8.1

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.run skill script() that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended working directory.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61443

Affected Products

Praisonai