Zurück zur CVE-Übersicht
CVE-2026-61438
HIGH(7.3)CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Risk Signal Score28/100 — MITTEL
- CVSS 7.3 — Hoch
- Weniger als 24 Stunden alt
Beschreibung
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system() calls that bypass sandbox checks and execute arbitrary OS commands with process privileges.