CVE-2026-61444
MervinPraison · PraisonAI
PraisonAI contains a code injection vulnerability in its API module where unsanitized user input is passed to subprocess.Popen(), allowing arbitrary code execution.
Executive summary
A critical code injection vulnerability in PraisonAI allows authenticated attackers to achieve remote code execution on the underlying host system.
Vulnerability
The application is susceptible to CWE-94 (Code Injection) because the agents_file parameter in deploy/api.py is interpolated into an f-string without sanitization. This allows an authenticated user to inject malicious Python code that is subsequently executed by the server via subprocess.Popen().
Business impact
The successful exploitation of this vulnerability grants an attacker full control over the application server, leading to potential data exfiltration, system compromise, and lateral movement within the network. Given the CVSS score of 9.1, this flaw represents a significant risk to the integrity and availability of the infrastructure.
Remediation
Immediate Action: Upgrade PraisonAI to version 4.6.78 or later immediately to incorporate the necessary input sanitization patches.
Proactive Monitoring: Review system and application logs for suspicious subprocess calls or unexpected file modifications originating from the API service.
Compensating Controls: Implement strict network access control lists (ACLs) to restrict access to the API deployment endpoint to only known, trusted administrative IP addresses.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability presents a severe risk due to the potential for full system compromise. Administrators must prioritize updating the PraisonAI software to the patched version as the primary defense against potential code injection attacks.