Home

Description

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

PUBLISHED Reserved 2026-07-09 | Published 2026-07-11 | Updated 2026-07-11 | Assigner VulnCheck




CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

Improper Control of Generation of Code ('Code Injection')

Product status

Default status
unaffected

Any version before 1.6.78
affected

1.6.78 (semver)
unaffected

Credits

anushkavirgaonkar reporter

References

github.com/...isonAI/security/advisories/GHSA-2xv2-w8cq-5gxw (GitHub Security Advisory (GHSA-2xv2-w8cq-5gxw)) vendor-advisory

www.vulncheck.com/...ore-remote-code-execution-via-codeagent (VulnCheck Advisory: PraisonAI before 1.6.78 Remote Code Execution via CodeAgent) third-party-advisory

cve.org (CVE-2026-61447)

nvd.nist.gov (CVE-2026-61447)

Download JSON