{"data":{"id":"162e63df-9cc8-4128-bbf8-3f03196ca7c5","title":"GHSA-78r8-wwqv-r299: PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334","summary":"PraisonAI versions up to 4.6.37 contain a critical vulnerability: two functions in `agents_generator.py` call `spec.loader.exec_module` (a method that loads and runs Python code from a file) without any security checks or validation. An attacker can exploit this by providing a malicious Python file path through YAML configuration, whether by modifying shared config files, submitting a crafted recipe via GitHub, or using prompt injection (tricking the AI into loading code from a malicious path); the result is arbitrary code execution (the ability to run any commands on the system). The affected-package range recorded for this entry is <= 4.6.39 (fixed in 4.6.40), which differs from the 4.6.37 stated above.","solution":"N/A -- no mitigation discussed in source. The affected-package data for this entry lists 4.6.40 as the fixed version, so upgrading to 4.6.40 or later is the indicated remediation.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-78r8-wwqv-r299","publishedAt":"2026-05-29T22:26:31.000Z","cveId":"CVE-2026-47398","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["PraisonAI@<= 4.6.39 (fixed: 4.6.40)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-29T22:26:31.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}