Allowlist Bypass in PraisonAI Shell Command Execution Vulnerability
CVE-2026-61434
8.7HIGH
What is CVE-2026-61434?
Versions of PraisonAI prior to 4.6.78 are vulnerable to an allowlist bypass in shell command execution. This vulnerability permits attackers to execute restricted commands through the use of the find command's built-in -exec, -execdir, and -delete options. By crafting specific find commands, attackers can read protected files, delete files, or run binaries that are not on the allowlist, all without triggering standard shell metacharacter filters. This can lead to unauthorized access and potential exploitation of sensitive data.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
