Remote Code Execution Vulnerability in PraisonAI by Mervin Praison
CVE-2026-61438
7HIGH
What is CVE-2026-61438?
PraisonAI versions prior to 4.6.78 exhibit a vulnerability that allows remote code execution via insufficient validation of abstract syntax trees (AST) in workflow scripts. Attackers can exploit this flaw by crafting malicious YAML files that contain unsanctioned import statements and execute OS commands. The flaw bypasses existing sandbox checks and grants the attacker the ability to run arbitrary commands with the privileges of the process executing the script, posing a significant threat to system integrity and security.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
