Currently free during beta - premium features coming soon. Subscribe now to lock in early access.

CVE-2026-61445 (CVSS 9.9) — PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attacker

CVE Vulnerabilities & CVEs · · nvd

AI Analysis

A critical vulnerability has been published under CVE-2026-61445, affecting PraisonAI versions prior to 4.6.78. The flaw, rated CVSS 9.9, resides in the AICoder component and allows arbitrary file write and command execution due to missing path validation and command sanitization in LLM tool calls. This means an attacker could exploit the vulnerability to write malicious files or execute arbitrary commands on the affected system, potentially leading to full system compromise.

Organizations using PraisonAI for AI-driven code generation, automation, or LLM-based tooling are directly affected. This includes sectors such as financial services, healthcare, technology, and any regulated industry deploying AI-assisted development or operational workflows. Given the high severity score, any entity with PraisonAI in their software supply chain or internal tooling should treat this as a priority.

Compliance teams should immediately verify their PraisonAI version and upgrade to version 4.6.78 or later. Conduct a risk assessment to determine if the vulnerable component is exposed to untrusted inputs or network access. Review and update incident response plans to account for potential exploitation, and ensure that any affected systems are isolated or patched without delay. Document remediation actions for audit and regulatory reporting purposes.

Get notified about CVE changes

Subscribe to our free weekly digest covering 24 compliance frameworks.