SecBoard
Zurück zur CVE-Übersicht

CVE-2026-61438

HIGH(7.3)

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Risk Signal Score28/100 — MITTEL
  • CVSS 7.3 — Hoch
  • Weniger als 24 Stunden alt

Beschreibung

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system() calls that bypass sandbox checks and execute arbitrary OS commands with process privileges.

Referenzen