What happened
NVD published CVE-2026-61447 (CVSS 10.0 Critical) on 2026-07-11 (confirmed via direct NVD fetch), describing PraisonAI's CodeAgent executing arbitrary LLM-generated Python with zero sandboxing.
Why it matters
This is a maximum-severity, textbook agent-code-execution vulnerability — any prompt injection reaching the agent results in unrestricted RCE and credential theft, directly matching the novel agent-execution attack class with a clear, working exploit path.
Attack vector
PraisonAI's CodeAgent._execute_python() executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement; an attacker can use prompt injection to make the LLM emit malicious Python that exfiltrates environment variables/secrets or achieves full remote code execution on the host.
Affected systems
PraisonAI < 1.6.78 (CodeAgent._execute_python())
Mitigation
Upgrade to PraisonAI >= 1.6.78, which adds AST validation, import restrictions, and sandbox enforcement for CodeAgent execution.