← العودة للجدول
CVE-2026-61447
CVE-2026-61447 — PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAg
📅 2026-07-11
🔴 Critical 🔥 No NVD AI Attack Vulnerability CVSS 10

📋 الوصف الكامل

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

💻 الأنظمة المتأثرة

⚠️ نوع التهديد

AI Attack

🔗 CVE ID

CVE-2026-61447

📡 المصدر

NVD

✅ الحلول والتخفيف

Refer to CVE-2026-61447 NVD advisory

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←