Exposures › CVE-2026-61445
PraisonAI's AICoder component allows attackers to execute arbitrary root commands via chat interface prompt injection before version 4.6.78.
This critical vulnerability enables remote code execution and arbitrary file writes through unvalidated paths and unsanitized commands in LLM tool calls, posing severe risk to DIB systems relying on AI-assisted development or security tools. Organizations must immediately patch or isolate affected PraisonAI deployments to prevent unauthorized code execution and potential data exfiltration.
Shame score — Critical RCE vulnerability in AI component exploited via chat interface with no mention of responsible disclosure or vendor mitigation timeline.
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.
No correlated FedRAMP products.