CVE-2026-61434: PraisonAI Shell Command Allowlist Bypass
PraisonAI versions prior to 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to use find's built-in -exec, -execdir, and -delete actions to execute restricted commands, read or delete files, or run non-allowlisted binaries, bypassing existing shell metacharacter filters, which can lead to arbitrary command execution and impact system integrity.
Attackers can exploit CVE-2026-61434, a critical allowlist bypass vulnerability in PraisonAI versions before 4.6.78. This flaw permits the execution of restricted shell commands by leveraging specific built-in actions of the find utility: -exec, -execdir, and -delete. By crafting malicious input that eventually triggers a find command with these parameters, threat actors can circumvent the application's existing shell metacharacter filters. This enables unauthorized operations such as reading sensitive files, deleting critical system components, or executing arbitrary, non-allowlisted binaries, potentially leading to full system compromise or data manipulation. The vulnerability was published on July 10, 2026.
Attack Chain
- An attacker gains initial access to a system running a vulnerable version of PraisonAI, potentially through a separate vulnerability or compromised credentials.
- The attacker crafts specific input to the PraisonAI application that is designed to be processed by an underlying
findcommand. - The crafted input includes
findcommand syntax utilizing the built-in actions-exec,-execdir, or-delete. - The PraisonAI application, due to the allowlist bypass vulnerability, executes the crafted
findcommand without properly filtering these sensitive actions. - The
-execor-execdiractions are used to execute arbitrary binaries or scripts not present in the application's allowlist. - Alternatively, the
-deleteaction is used to remove critical files or directories, leading to data destruction or denial of service. - Successful exploitation results in arbitrary command execution, allowing the attacker to establish persistence, exfiltrate data, or further compromise the host system.
Impact
Successful exploitation of CVE-2026-61434 grants attackers significant control over the affected system. The ability to execute arbitrary commands allows for potential full system compromise, including privilege escalation, installation of malicious software, and lateral movement within the network. Attackers can read blocked files, leading to sensitive data exfiltration, or delete critical files, resulting in data loss, system instability, or denial of service for the PraisonAI application and potentially the host system. While no specific victim numbers or targeted sectors are currently disclosed, any organization utilizing PraisonAI versions prior to 4.6.78 is at risk.
Recommendation
- Immediately patch PraisonAI to version 4.6.78 or later to address CVE-2026-61434.
- Deploy the Sigma rule "Detect PraisonAI CVE-2026-61434 Exploitation - Suspicious find Command Execution" to your SIEM to monitor for suspicious
findcommand executions on Linux systems. - Enable comprehensive process creation logging (e.g., using Auditd or Sysmon for Linux) to provide telemetry for the detection rules.
- Implement robust input validation and sanitization for all user-supplied data processed by applications that interact with the operating system shell.
Detection coverage 1
Detect PraisonAI CVE-2026-61434 Exploitation - Suspicious find Command Execution
highDetects CVE-2026-61434 exploitation - `find` commands containing `-exec`, `-execdir`, or `-delete` options, which can be leveraged for allowlist bypass and arbitrary command execution in vulnerable PraisonAI instances.
Detection queries are available on the platform. Get full rules →
Indicators of compromise
2
url
| Type | Value |
|---|---|
| url | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfh |
| url | https://www.vulncheck.com/advisories/praisonai-before-allowlist-bypass-via-find-exec |