A critical code execution vulnerability in the PraisonAI workflow engine allows attackers to achieve full control over the host system using malicious YAML files.

The workflow engine fails to validate or sandbox YAML inputs, allowing an attacker to execute arbitrary shell commands or Python scripts via the job definition processing functions.

With a CVSS score of 9.8, this flaw allows for total system takeover. An attacker influencing a workflow file can execute arbitrary code on the host, leading to full data compromise, lateral movement within the network, and the potential for persistent backdoors.

Immediate Action: Update PraisonAI to version 4.5.139 and praisonaiagents to 1.5.140 immediately.

Proactive Monitoring: Monitor workflow execution logs for unusual shell commands or unexpected Python script invocations originating from the workflow engine.

Compensating Controls: Restrict access to YAML configuration files and ensure they are only editable by authorized personnel within a secure, non-public context.

Public Exploit Available: Unknown

This vulnerability is critical due to the lack of any sandboxing for user-provided configuration. Immediate patching is required. Furthermore, teams should conduct a forensic review of any workflow files that were modified by untrusted sources to ensure no malicious persistence mechanisms were established prior to patching.