CVE-2026-61444 in PraisonAI
요약
\~에 의해 MITRE • 2026. 07. 10.
PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen().
If you want to get the best quality for vulnerability data then you always have to consider VulDB.