Remote Code Execution Vulnerability in PraisonAI by Praison
CVE-2026-61447
10CRITICAL
What is CVE-2026-61447?
PraisonAI versions prior to 1.6.78 contain a vulnerability that allows remote code execution through the CodeAgent._execute_python() function. This flaw arises from the lack of AST validation, import restrictions, and sandbox enforcement when executing Python code generated by a large language model (LLM). Malicious actors can use prompt injection techniques to manipulate LLM outputs, potentially exposing sensitive environment variables or executing arbitrary code on affected systems. Remediation through updating to the latest version is crucial to mitigate these security risks.
Affected Version(s)
PraisonAI 0 < 1.6.78
PraisonAI 1.6.78
