Allowlist Bypass in PraisonAI Shell Command Execution Vulnerability
CVE-2026-61434

8.7HIGH

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-61434?

Versions of PraisonAI prior to 4.6.78 are vulnerable to an allowlist bypass in shell command execution. This vulnerability permits attackers to execute restricted commands through the use of the find command's built-in -exec, -execdir, and -delete options. By crafting specific find commands, attackers can read protected files, delete files, or run binaries that are not on the allowlist, all without triggering standard shell metacharacter filters. This can lead to unauthorized access and potential exploitation of sensitive data.

Affected Version(s)

PraisonAI 0 < 4.6.78

PraisonAI 4.6.78

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

HiyokoSauna37
.