CVE-2026-61447
MervinPraison · PraisonAI
PraisonAI contains a remote code execution vulnerability in CodeAgent._execute_python() that allows attackers to execute arbitrary code via LLM prompt injection.
Executive summary
An unauthenticated remote code execution vulnerability in PraisonAI allows attackers to fully compromise the host system by injecting malicious instructions into LLM-generated Python code.
Vulnerability
This is a code injection vulnerability (CWE-94) stemming from the lack of AST validation or sandboxing in the CodeAgent._execute_python() function. An unauthenticated attacker can manipulate the LLM's output to execute arbitrary Python code on the underlying host.
Business impact
Successful exploitation allows an attacker to gain full control over the host environment, including the exfiltration of sensitive environment secrets and the execution of arbitrary commands. Given the CVSS score of 10.0, this represents a critical risk that could lead to complete system compromise and significant data breaches.
Remediation
Immediate Action: Upgrade PraisonAI to version 1.6.78 or later to incorporate necessary code validation and security restrictions.
Proactive Monitoring: Audit logs for unusual LLM interaction patterns or unexpected child process execution initiated by the PraisonAI service.
Compensating Controls: Ensure the application is deployed within a hardened, restricted-privilege container or sandbox environment to limit the impact of potential RCE.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability presents a maximum-severity risk to any deployment of PraisonAI. Organizations must prioritize updating to version 1.6.78 immediately to eliminate the possibility of remote code execution via prompt injection.