No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters that execute when the generated server starts or handles requests. | |
| Title | PraisonAI before 4.6.78 Code Injection via API deployment generator | |
| First Time appeared |
Praison
Praison praisonai |
|
| Weaknesses | CWE-94 | |
| CPEs | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Praison
Praison praisonai |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T13:25:34.001Z
Reserved: 2026-07-09T14:05:21.471Z
Link: CVE-2026-61433
Updated: 2026-07-15T13:20:39.590Z
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-94
Improper Control of Generation of Code ('Code Injection')