Vulnerability  ·  2026-07-13

PraisonAI AICoder Arbitrary File Write and Command Execution via LLM Tool Calls

VulnerabilityHigh impactGlobalCVE-2026-61445
PraisonAI before 4.6.78 (CVSS 9.9 Critical) allows chat-interface prompt injection to trigger arbitrary file writes and root-level command execution via the AICoder component, due to absent path/command validation on LLM-directed tool calls.
This gives a remote attacker root-level code execution on any host running PraisonAI's AICoder simply by manipulating chat input — a severe, directly-exploitable agent tool-calling flaw affecting a widely-installed AI agent framework.
Missing path validation and command sanitization in the AICoder component's LLM tool calls lets an attacker inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.
PraisonAI before 4.6.78
Upgrade PraisonAI to 4.6.78 or later; sanitize/validate all file paths and shell command arguments generated by the LLM before execution.
GitHub Security Advisory GHSA-9mp3-24cc-77mgNVD CVE-2026-61445
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →