CVE-2026-61446
Received Received - Intake

Remote Code Execution in PraisonAI Plugin Manager

Vulnerability report for CVE-2026-61446, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: VulnCheck

Description

PraisonAI (praisonaiagents) before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python (.py) files from project-level and user-home .praisonai/plugins/ directories using importlib spec_from_file_location() and exec_module() without code signing, integrity verification, or sandboxing. An attacker who can write a malicious .py file to a plugin directory (for example via path traversal, a supply chain attack, or a compromised dependency) achieves arbitrary code execution when the plugin system initializes.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
praisonai praisonai to 1.6.78 (exc)
praisonai praisonaiagents to 1.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in PraisonAI versions before 1.6.78 allows arbitrary Python code execution through the plugin manager. The system automatically loads and executes any .py file in specific plugin directories without verifying code integrity or using sandboxing. Attackers can exploit this by placing malicious Python files in these directories via methods like path traversal or supply chain attacks.

Impact Analysis

An attacker could execute arbitrary code on your system with full Python access, potentially stealing data, installing malware, or taking control of your machine. Since the attack requires only local access and no user interaction, even users with minimal privileges could be affected if an attacker gains write access to plugin directories.

Compliance Impact

This vulnerability could lead to unauthorized data access or exfiltration, violating GDPR's data protection requirements and HIPAA's safeguards for protected health information. Organizations using PraisonAI may face compliance violations, legal penalties, and reputational damage if exploited.

Detection Guidance

Check for unauthorized .py files in .praisonai/plugins/ directories in both project-level and user home locations. Look for files with suspicious names or recent modification dates. Use commands like 'find ~ -name "*.py" -path "*/.praisonai/plugins/*"' or 'find /path/to/project -name "*.py" -path "*/.praisonai/plugins/*"' to locate plugin files.

Mitigation Strategies

Upgrade PraisonAI to version 1.6.78 or later. Remove any untrusted .py files from .praisonai/plugins/ directories. Implement file system access controls to prevent unauthorized file creation in plugin directories. Monitor for suspicious activity in plugin directories.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61446. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart