Skip to content
Threat Feed
high advisory

CVE-2026-61434: PraisonAI Shell Command Allowlist Bypass

PraisonAI versions prior to 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to use find's built-in -exec, -execdir, and -delete actions to execute restricted commands, read or delete files, or run non-allowlisted binaries, bypassing existing shell metacharacter filters, which can lead to arbitrary command execution and impact system integrity.

Attackers can exploit CVE-2026-61434, a critical allowlist bypass vulnerability in PraisonAI versions before 4.6.78. This flaw permits the execution of restricted shell commands by leveraging specific built-in actions of the find utility: -exec, -execdir, and -delete. By crafting malicious input that eventually triggers a find command with these parameters, threat actors can circumvent the application's existing shell metacharacter filters. This enables unauthorized operations such as reading sensitive files, deleting critical system components, or executing arbitrary, non-allowlisted binaries, potentially leading to full system compromise or data manipulation. The vulnerability was published on July 10, 2026.

Attack Chain

  1. An attacker gains initial access to a system running a vulnerable version of PraisonAI, potentially through a separate vulnerability or compromised credentials.
  2. The attacker crafts specific input to the PraisonAI application that is designed to be processed by an underlying find command.
  3. The crafted input includes find command syntax utilizing the built-in actions -exec, -execdir, or -delete.
  4. The PraisonAI application, due to the allowlist bypass vulnerability, executes the crafted find command without properly filtering these sensitive actions.
  5. The -exec or -execdir actions are used to execute arbitrary binaries or scripts not present in the application's allowlist.
  6. Alternatively, the -delete action is used to remove critical files or directories, leading to data destruction or denial of service.
  7. Successful exploitation results in arbitrary command execution, allowing the attacker to establish persistence, exfiltrate data, or further compromise the host system.

Impact

Successful exploitation of CVE-2026-61434 grants attackers significant control over the affected system. The ability to execute arbitrary commands allows for potential full system compromise, including privilege escalation, installation of malicious software, and lateral movement within the network. Attackers can read blocked files, leading to sensitive data exfiltration, or delete critical files, resulting in data loss, system instability, or denial of service for the PraisonAI application and potentially the host system. While no specific victim numbers or targeted sectors are currently disclosed, any organization utilizing PraisonAI versions prior to 4.6.78 is at risk.

Recommendation

  • Immediately patch PraisonAI to version 4.6.78 or later to address CVE-2026-61434.
  • Deploy the Sigma rule "Detect PraisonAI CVE-2026-61434 Exploitation - Suspicious find Command Execution" to your SIEM to monitor for suspicious find command executions on Linux systems.
  • Enable comprehensive process creation logging (e.g., using Auditd or Sysmon for Linux) to provide telemetry for the detection rules.
  • Implement robust input validation and sanitization for all user-supplied data processed by applications that interact with the operating system shell.

Detection coverage 1

Detect PraisonAI CVE-2026-61434 Exploitation - Suspicious find Command Execution

high

Detects CVE-2026-61434 exploitation - `find` commands containing `-exec`, `-execdir`, or `-delete` options, which can be leveraged for allowlist bypass and arbitrary command execution in vulnerable PraisonAI instances.

sigma tactics: execution techniques: T1059.004 sources: process_creation, linux

Detection queries are available on the platform. Get full rules →

Indicators of compromise

2

url

TypeValue
urlhttps://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfh
urlhttps://www.vulncheck.com/advisories/praisonai-before-allowlist-bypass-via-find-exec