CVE-2026-61444 in PraisonAI
Zusammenfassung
von MITRE • 10.07.2026
PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen().
If you want to get the best quality for vulnerability data then you always have to consider VulDB.