Unenforced Security Policy in PraisonAI Subprocess Sandbox
CVE-2026-60085
8.7HIGH
What is CVE-2026-60085?
PraisonAI before version 4.6.78 exhibits a significant security vulnerability in its default Subprocess Sandbox backend. This flaw allows attackers to disregard security policies related to blocked commands, paths, and imports. As a result, they can execute arbitrary subprocess commands, access sensitive files, and conduct destructive operations, all while bypassing the intended restrictions outlined in the security policy.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
