Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

View on NVD

Analysis

PraisonAI presenta una vulnerabilidad de ejecución remota de código en versiones anteriores a la 1.6.78 debido a la ejecución de código generado por LLM sin validación ni aislamiento. Un atacante puede utilizar inyección de prompts para exfiltrar secretos de entorno y ejecutar comandos arbitrarios directamente en el sistema operativo del host. Con una calificación de severidad de 10.0, es crítico actualizar inmediatamente si utilizas este framework para agentes de IA.

Relevant roles

PythonIABackendCyberSecurityMachineLearningDataScience

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-94

EPSS

No EPSS score yet (CVE may be too fresh).

Technical description

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

Published: 7/11/2026, 2:16:23 PM
Last modified: 7/11/2026, 2:16:23 PM

References

HomeEventsBlogResourcesTeam