Arbitrary File Write and Command Execution in PraisonAI Software by Praison
CVE-2026-61445
9.4CRITICAL
What is CVE-2026-61445?
PraisonAI versions prior to 4.6.78 are susceptible to vulnerabilities that allow arbitrary file writing and command execution. These issues arise from insufficient path validation and lack of command sanitization in the AICoder component, enabling attackers to inject harmful prompts via the chat interface. This might lead to writing executable files to unrestricted filesystem locations or executing commands with root privileges, posing serious security risks.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
