CVE-2026-61444

MervinPraison · PraisonAI

PraisonAI contains a code injection vulnerability in its API module where unsanitized user input is passed to subprocess.Popen(), allowing arbitrary code execution.

Executive summary

A critical code injection vulnerability in PraisonAI allows authenticated attackers to achieve remote code execution on the underlying host system.

Vulnerability

The application is susceptible to CWE-94 (Code Injection) because the agents_file parameter in deploy/api.py is interpolated into an f-string without sanitization. This allows an authenticated user to inject malicious Python code that is subsequently executed by the server via subprocess.Popen().

Business impact

The successful exploitation of this vulnerability grants an attacker full control over the application server, leading to potential data exfiltration, system compromise, and lateral movement within the network. Given the CVSS score of 9.1, this flaw represents a significant risk to the integrity and availability of the infrastructure.

Remediation

Immediate Action: Upgrade PraisonAI to version 4.6.78 or later immediately to incorporate the necessary input sanitization patches.

Proactive Monitoring: Review system and application logs for suspicious subprocess calls or unexpected file modifications originating from the API service.

Compensating Controls: Implement strict network access control lists (ACLs) to restrict access to the API deployment endpoint to only known, trusted administrative IP addresses.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This vulnerability presents a severe risk due to the potential for full system compromise. Administrators must prioritize updating the PraisonAI software to the patched version as the primary defense against potential code injection attacks.