Vulnerability  ·  2026-07-12

PraisonAI CodeAgent — Unrestricted LLM-Generated Python Execution Enables RCE

VulnerabilityHigh impactGlobalCVE-2026-61447
NVD published CVE-2026-61447 (CVSS 10.0 Critical) on 2026-07-11 (confirmed via direct NVD fetch), describing PraisonAI's CodeAgent executing arbitrary LLM-generated Python with zero sandboxing.
This is a maximum-severity, textbook agent-code-execution vulnerability — any prompt injection reaching the agent results in unrestricted RCE and credential theft, directly matching the novel agent-execution attack class with a clear, working exploit path.
PraisonAI's CodeAgent._execute_python() executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement; an attacker can use prompt injection to make the LLM emit malicious Python that exfiltrates environment variables/secrets or achieves full remote code execution on the host.
PraisonAI < 1.6.78 (CodeAgent._execute_python())
Upgrade to PraisonAI >= 1.6.78, which adds AST validation, import restrictions, and sandbox enforcement for CodeAgent execution.
NVD — CVE-2026-61447GitHub Security Advisory GHSA-2xv2-w8cq-5gxw
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →