CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-61447 — PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAg...

·Source: NIST NVD

Updated:

Executive Summary

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

Analysis

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system. CVSS Score: 10. Published: 2026-07-11T14:16:23.377.

Indicators of Compromise (1)

CVE (1)
CVE-2026-61447
Source Attribution

Originally published by NIST NVD on Jul 11, 2026. Verified by: NIST.

Related Threats