CVE-2026-61434
Received Received - Intake

PraisonAI Allowlist Bypass via Find Command Actions

Vulnerability report for CVE-2026-61434, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praisonai praisonai to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61434 is a security vulnerability in PraisonAI versions before 4.6.78 that allows attackers to bypass the allowlist restrictions on shell command execution.

The vulnerability exploits the built-in actions of the `find` command, specifically `-exec`, `-execdir`, and `-delete`, which can execute commands without triggering shell metacharacter filters.

Because `find` is included in the safe command allowlist, attackers can craft commands using these actions to execute restricted commands, read blocked files, delete files, or run binaries that are not on the allowlist.

Impact Analysis

This vulnerability can have a significant impact on the confidentiality, integrity, and availability of your system.

  • Attackers can execute arbitrary commands that are supposed to be restricted.
  • They can read files that are blocked or sensitive.
  • They can delete important files, potentially causing data loss or service disruption.
  • They can execute binaries that are not on the allowlist, potentially leading to further compromise.

Overall, this can lead to unauthorized access, data breaches, and system instability.

Detection Guidance

This vulnerability involves the use of the `find` command's built-in `-exec`, `-execdir`, and `-delete` actions to bypass allowlist restrictions. To detect exploitation attempts, monitoring for unusual or unauthorized usage of these `find` command flags is recommended.

  • Check for `find` commands using `-exec`, `-execdir`, or `-delete` in shell history or running processes.
  • Use commands like `ps aux | grep 'find .* -exec'` to identify running processes that might be exploiting this.
  • Search system logs or audit logs for invocations of `find` with these flags, for example: `grep -r --include='*.log' 'find .* -exec' /var/log/`.
  • Implement file integrity monitoring to detect unexpected file deletions or modifications that could result from exploitation.
Mitigation Strategies

Immediate mitigation steps include removing the `find` command from the allowlist used by PraisonAI or enhancing input validation to reject dangerous `find` flags such as `-exec`, `-execdir`, and `-delete`.

  • Upgrade PraisonAI to version 4.6.78 or later where this vulnerability is fixed.
  • If upgrading is not immediately possible, configure the system or application to block or monitor usage of `find` commands with the risky flags.
  • Review and tighten shell command execution policies to prevent execution of non-allowlisted binaries.
Compliance Impact

The vulnerability in PraisonAI allows attackers to execute arbitrary commands, read or delete files, and bypass path restrictions, which can lead to unauthorized access and manipulation of sensitive data.

Such unauthorized access and potential data breaches could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and availability.

However, the provided information does not explicitly discuss the direct impact on compliance with these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61434. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart