SecBoard
Zurück zur CVE-Übersicht

CVE-2026-61433

HIGH(7.8)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Risk Signal Score30/100 — MITTEL
  • CVSS 7.8 — Hoch
  • Weniger als 24 Stunden alt

Beschreibung

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters that execute when the generated server starts or handles requests.

Referenzen