CVE-2026-61445
Received Received - Intake

Arbitrary File Write and Command Execution in PraisonAI AICoder

Vulnerability report for CVE-2026-61445, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praisonai aicoder to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the AICoder component of PraisonAI versions 4.6.77 and below. It allows attackers to perform arbitrary file writes and execute arbitrary shell commands due to missing path validation and command sanitization in LLM tool calls.

Attackers can inject malicious prompts through the chat interface, which then exploit the `write_to_file` function to write files to any location on the filesystem, such as system-critical files like `/etc/cron.d/backdoor` or `/root/.ssh/authorized_keys`.

Additionally, the `execute_command` function runs unsanitized shell commands from LLM responses, enabling full command injection, for example, downloading and executing malicious scripts.

Because the software often runs inside Docker containers with root privileges, successful exploitation can lead to complete system compromise.

Impact Analysis

This vulnerability can have severe impacts including complete system compromise.

  • Attackers can write arbitrary files anywhere on the filesystem, potentially creating backdoors or modifying critical system files.
  • Attackers can execute arbitrary shell commands with root privileges, allowing them to take full control of the affected system.
  • The vulnerability has a critical CVSS score of 9.9, indicating high impact on confidentiality, integrity, and availability.
Detection Guidance

This vulnerability can be detected by checking for suspicious files written to critical system locations such as /etc/cron.d/ or /root/.ssh/authorized_keys, which may indicate arbitrary file writes.

Additionally, monitoring for unusual shell commands executed by the AICoder component or unexpected network activity such as downloads and executions of scripts (e.g., via curl commands) can help detect exploitation attempts.

  • Check for unexpected files in sensitive directories: ls -l /etc/cron.d/ /root/.ssh/authorized_keys
  • Search system logs for suspicious command executions or LLM tool calls.
  • Use process monitoring tools (e.g., ps, top) to identify unusual processes spawned by PraisonAI.
  • Monitor network traffic for suspicious outbound connections, such as curl commands fetching scripts from attacker-controlled domains.
Mitigation Strategies

The immediate mitigation step is to upgrade PraisonAI to version 4.6.78 or later, where the vulnerability has been patched.

Until the upgrade can be applied, restrict access to the AICoder component and the chat interface to trusted users only to reduce the risk of exploitation.

Additionally, monitor and audit file writes and command executions originating from PraisonAI to detect and respond to any suspicious activity promptly.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61445. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart