Exposures › CVE-2026-61447
PraisonAI's CodeAgent executes unvalidated LLM-generated Python code, enabling remote code execution via prompt injection.
This critical vulnerability allows attackers to inject prompts that bypass AST validation and sandboxing to execute arbitrary code and exfiltrate secrets. DIB organizations must verify vendor patching timelines and restrict LLM-based code execution to isolated, audited environments to prevent unauthorized access to classified systems.
Shame score — A critical RCE flaw in an AI code execution engine that lacks basic security controls like AST validation or sandboxing represents a severe negligence in securing AI-driven development tools.
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.
No correlated FedRAMP products.