CVE-2026-61447
Received Received - Intake

Remote Code Execution in PraisonAI via LLM-Generated Python Code

Vulnerability report for CVE-2026-61447, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
praisonai codeagent to 1.6.78 (exc)
praisonai praisonaiagents to 1.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61447 is a critical vulnerability in the PraisonAI CodeAgent component, specifically in versions prior to 1.6.78. The vulnerability exists because the _execute_python() method executes Python code generated by a large language model (LLM) without proper validation or sandboxing.

This method runs the code in a subprocess that inherits the full environment of the parent process, including all sensitive secrets such as API keys and credentials. Despite a sandbox setting being enabled, it is effectively ignored.

Attackers can exploit this by injecting malicious prompts that influence the LLM output, allowing them to execute arbitrary code remotely and exfiltrate all environment secrets.

Impact Analysis

This vulnerability can have severe impacts including full credential theft and arbitrary code execution on the host system.

An attacker who successfully exploits this flaw can remotely execute malicious code, potentially taking full control of the affected system.

The exposure of sensitive environment secrets such as API keys and credentials can lead to further compromise of connected systems and data.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade the PraisonAI CodeAgent component to version 1.6.78 or later, where the issue has been addressed.

Avoid using versions of the praisonaiagents package prior to 1.6.78, as they execute LLM-generated Python code without proper sandboxing, AST validation, or import restrictions, allowing remote code execution and credential theft.

Additionally, review and restrict any external inputs that influence LLM output to reduce the risk of prompt injection attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61447. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart