CVE-2026-61438
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST
CVSS
7.3
Alto
EPSS
0.2%
p10
KEV
—
Exploit Today
3
0-100
Publicado: 15 jul 2026 · Última mod.: 15 jul 2026 · CWE-78
0.2%EPSS · 30 días0.2%
2026-07-162026-07-17
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system() calls that bypass sandbox checks and execute arbitrary OS commands with process privileges.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2024-121210.0 CRÍ99.9%
KEV—80Progress Kemp LoadMaster OS Command Injection Vulnerability5dCVE-2026-398089.8 CRÍ99.7%
KEV—80Fortinet FortiSandbox OS Command Injection Vulnerability1dCVE-2022-262589.8 CRÍ99.6%
KEV—80D-Link DIR-820L Remote Code Execution Vulnerability9dCVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability3dCVE-2021-252988.8 ALT99.5%
KEV—80Nagios XI OS Command Injection9d