Critical RCE Vulnerability in PraisonAI CodeAgent (CVE-2026-61447)
A critical remote code execution vulnerability (CVE-2026-61447, CVSS 10.0) affects PraisonAI platform versions before 1.6.78. The CodeAgent._execute_python() component executes Python code generated by language models without enforcing abstract syntax tree (AST) validation, import restrictions, or sandboxing. Attackers can exploit this by injecting malicious prompts into the LLM input chain, coercing the system to generate and execute arbitrary code. Successful exploitation allows exfiltration of environment secrets, including API keys and credentials, and full host system compromise. All deployments utilizing the CodeAgent module for dynamic code execution are affected. Attackers with network access or API access to the PraisonAI instance can trigger this vulnerability. Immediate mitigation requires upgrading to version 1.6.78 or later, which implements strict code validation and sandboxing controls. No workarounds are available for prior versions. Organizations are advised to prioritize patching due to the high severity and remote exploitability of this flaw.