COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-61447

CVE-2026-61447

Severity
critical
Source
NVD · cve
Published
2026-07-11
CVSS
10.0
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-61447
⚡ RCE shame 85/100 rceunpatchedexploited-in-wild

PraisonAI's CodeAgent executes unvalidated LLM-generated Python code, enabling remote code execution via prompt injection.

This critical vulnerability allows attackers to inject prompts that bypass AST validation and sandboxing to execute arbitrary code and exfiltrate secrets. DIB organizations must verify vendor patching timelines and restrict LLM-based code execution to isolated, audited environments to prevent unauthorized access to classified systems.

Shame score — A critical RCE flaw in an AI code execution engine that lacks basic security controls like AST validation or sandboxing represents a severe negligence in securing AI-driven development tools.

Description

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.