3 matches found
EUVD-2026-43182
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...
CVE-2026-61447
PraxionAI before 1.6.78 exposes a remote code execution flaw in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandboxing. This enables prompt-injection to exfiltrate environment secrets and run arbitrary code on the host. The v...
PT-2026-57440
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.78 Description A remote code execution issue exists in the CodeAgent. execute python function. The software executes Python code generated by a Large Language Model LLM without employing Abstract Syntax Tree AST...