CVE-2026-61447
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.
- SSVC automatable: yes - attacks can be scripted at scale
- CVSS base score ≥ 7.0
Exploitation momentum
2 days of EPSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H- 11 Jul 2026Published to NVD
- 13 Jul 2026Last modified
ATT&CK techniques
4Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
CAPEC attack patterns
3Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.