{"data":{"id":"85559acc-5bfb-4a57-823e-b5fb2e8d4752","title":"CVE-2026-61447: PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-","summary":"PraisonAI before version 1.6.78 has a critical remote code execution vulnerability in its CodeAgent._execute_python() function, which runs Python code generated by the AI without proper safety checks like AST validation (checking code structure before running it) or sandboxing (isolating code so it can't access the full system). Attackers can use prompt injection (tricking the AI by hiding malicious instructions in their input) to make the AI generate harmful code that steals secret credentials from the system or runs arbitrary commands.","solution":"Upgrade PraisonAI to version 1.6.78 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-61447","publishedAt":"2026-07-11T14:16:23.377Z","cveId":"CVE-2026-61447","cweIds":["CWE-94"],"cvssScore":"10","cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-11T14:16:23.377Z","capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}