Remote Code Execution Vulnerability in PraisonAI by Praison
CVE-2026-61447

10CRITICAL

Key Information:

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-61447?

PraisonAI versions prior to 1.6.78 contain a vulnerability that allows remote code execution through the CodeAgent._execute_python() function. This flaw arises from the lack of AST validation, import restrictions, and sandbox enforcement when executing Python code generated by a large language model (LLM). Malicious actors can use prompt injection techniques to manipulate LLM outputs, potentially exposing sensitive environment variables or executing arbitrary code on affected systems. Remediation through updating to the latest version is crucial to mitigate these security risks.

Affected Version(s)

PraisonAI 0 < 1.6.78

PraisonAI 1.6.78

References

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

anushkavirgaonkar
.