No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system() calls that bypass sandbox checks and execute arbitrary OS commands with process privileges. | |
| Title | PraisonAI before 4.6.78 Remote Code Execution via Broken AST Sandbox | |
| First Time appeared |
Praison
Praison praisonai |
|
| Weaknesses | CWE-78 | |
| CPEs | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Praison
Praison praisonai |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T13:53:15.502Z
Reserved: 2026-07-09T14:05:47.928Z
Link: CVE-2026-61438
Updated: 2026-07-15T13:53:01.860Z
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')