CVE-2026-61447 in PraisonAIinformazioni

Riassunto

di MITRE • 11/07/2026

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsabile

VulnCheck

Prenotare

09/07/2026

Divulgazione

11/07/2026

Moderazione

accettato

CPE

pronto

EPSS

0.00000

KEV

no

Attività

molto basso

Fonti

Want to stay up to date on a daily basis?

Enable the mail alert feature now!