CVE-2026-61438
HIGH Exploitation: PoC
7.3
CVSS 3.1
Description
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system() calls that bypass sandbox checks and execute arbitrary OS commands with process privileges.
Metadata
Severity & Metrics
7.3
HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| MervinPraison | PraisonAI | — | 0 < 4.6.78, 4.6.78 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-78 | cna | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.3 | HIGH | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| 7.0 | HIGH | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
References (2)
- GitHub Security Advisory (GHSA-26mh-57q7-jfvr) https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-26mh-57q7-jfvr
- VulnCheck Advisory: PraisonAI before 4.6.78 Remote Code Execution via Broken AST Sandbox https://www.vulncheck.com/advisories/praisonai-before-remote-code-execution-via-broken-ast-sandbox