Code Injection Vulnerability in PraisonAI by Mervin Praison
CVE-2026-61433
8.5HIGH
What is CVE-2026-61433?
PraisonAI versions prior to 4.6.78 contain a code injection vulnerability that arises from inadequate encoding of deployment configuration values during Python source code generation for API servers. This flaw enables malicious actors to inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters. These expressions are executed when the server starts or while handling requests, potentially leading to severe security breaches. Users of affected versions are urged to upgrade immediately to mitigate this risk.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
