Arbitrary File Write and Command Execution in PraisonAI Software by Praison
CVE-2026-61445

9.4CRITICAL

Key Information:

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-61445?

PraisonAI versions prior to 4.6.78 are susceptible to vulnerabilities that allow arbitrary file writing and command execution. These issues arise from insufficient path validation and lack of command sanitization in the AICoder component, enabling attackers to inject harmful prompts via the chat interface. This might lead to writing executable files to unrestricted filesystem locations or executing commands with root privileges, posing serious security risks.

Affected Version(s)

PraisonAI 0 < 4.6.78

PraisonAI 4.6.78

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

anushkavirgaonkar
.