CVE-2026-60085
Received Received - Intake

PraisonAI Unenforced Security Policy Bypass in Subprocess Sandbox

Vulnerability report for CVE-2026-60085, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: VulnCheck

Description

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praisonai praisonai to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-273 The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

PraisonAI before version 4.6.78 has a security flaw where the default Subprocess Sandbox ignores configured security policies. Restrictions like blocked commands, paths, imports, subprocess execution, and file write permissions are not enforced, allowing attackers to bypass intended protections.

Impact Analysis

Attackers can execute arbitrary commands, read sensitive files like /etc/passwd, and perform destructive operations such as deleting files. This bypasses security policies even when explicitly configured, potentially leading to system compromise or data breaches.

Compliance Impact

This vulnerability can lead to unauthorized data access or destruction, violating confidentiality and integrity requirements in GDPR and HIPAA. Non-enforcement of security policies may result in compliance failures, legal penalties, and loss of trust.

Detection Guidance

Check PraisonAI version with pip show praisonai or grep version in installed files. Inspect sandbox configuration files like praisonaiagents/sandbox/config.py for SecurityPolicy settings. Test blocked commands or paths manually in a controlled environment to verify if restrictions are enforced.

Mitigation Strategies

Upgrade PraisonAI to version 4.6.78 or later immediately. Avoid relying on the default SubprocessSandbox backend; switch to a native backend like Landlock or Seatbelt if possible. Review and remove any SecurityPolicy configurations that assume enforcement of blocked commands or paths.

Executive Summary

PraisonAI before version 4.6.78 has a security flaw where the default Subprocess Sandbox ignores configured security policies. Restrictions like blocked commands, paths, imports, subprocess execution, and file writes are not enforced, allowing attackers to bypass intended protections.

Impact Analysis

Attackers could execute arbitrary commands, read sensitive files like /etc/passwd, delete data with commands like rm -rf, or perform other destructive actions even when security policies are configured to block these behaviors.

Compliance Impact

This vulnerability could lead to unauthorized data access or destruction, violating GDPR's data protection principles or HIPAA's security requirements for safeguarding sensitive information. Non-compliance risks include legal penalties and reputational damage.

Detection Guidance

Check PraisonAI version with pip show praisonai or python -c 'import praisonai; print(praisonai.__version__)'. If version is below 4.6.78, the system is vulnerable. Inspect sandbox configuration files like praisonaiagents/sandbox/config.py for SecurityPolicy settings that are not enforced.

Mitigation Strategies

Upgrade PraisonAI to version 4.6.78 or later immediately. If upgrading is not possible, switch to a native sandbox backend like Landlock or Seatbelt instead of the default SubprocessSandbox backend to enforce restrictions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60085. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart