CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-61445 — PraisonAI before 4.6.78 contains arbitrary file write and command execution vuln...

·Source: NIST NVD

Updated:

Executive Summary

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.

Analysis

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges. CVSS Score: 9.9. Published: 2026-07-11T14:16:23.240.

Indicators of Compromise (1)

CVE (1)
CVE-2026-61445
Source Attribution

Originally published by NIST NVD on Jul 11, 2026. Verified by: NIST.

Related Threats