{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/praisonai--4.6.78/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-61444"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI (\u003c 4.6.78)"],"_cs_severities":["critical"],"_cs_tags":["code-injection","RCE","web-application","python"],"_cs_type":"advisory","_cs_vendors":["MervinPraison"],"content_html":"\u003cp\u003eCVE-2026-61444 describes a critical code injection vulnerability affecting PraisonAI versions prior to 4.6.78. This flaw resides in the \u003ccode\u003edeploy/api.py\u003c/code\u003e component, where the \u003ccode\u003eagents_file\u003c/code\u003e parameter is directly interpolated into an f-string without proper sanitization. An authenticated attacker with high privileges can exploit this by injecting arbitrary Python code into the \u003ccode\u003eagents_file\u003c/code\u003e parameter. When the application's generated server code runs this unsanitized input via \u003ccode\u003esubprocess.Popen()\u003c/code\u003e, the injected Python code executes on the server, leading to remote code execution. This vulnerability presents a severe risk for organizations using vulnerable PraisonAI instances, allowing a privileged attacker to gain full control over the underlying system by leveraging their existing access.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker first obtains or possesses high-privileged, authenticated access to a PraisonAI instance.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the \u003ccode\u003edeploy/api.py\u003c/code\u003e endpoint and the \u003ccode\u003eagents_file\u003c/code\u003e parameter within the vulnerable PraisonAI application (versions prior to 4.6.78).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request, typically a POST request, targeting the \u003ccode\u003edeploy/api.py\u003c/code\u003e endpoint of the PraisonAI server.\u003c/li\u003e\n\u003cli\u003eWithin this request, the \u003ccode\u003eagents_file\u003c/code\u003e parameter is supplied with a specially crafted string containing arbitrary Python code designed to break out of the f-string context and inject executable commands.\u003c/li\u003e\n\u003cli\u003eThe PraisonAI application receives the authenticated request, and the vulnerable code in \u003ccode\u003edeploy/api.py\u003c/code\u003e processes the malicious \u003ccode\u003eagents_file\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe unsanitized \u003ccode\u003eagents_file\u003c/code\u003e value is directly interpolated into an f-string, which is used to dynamically generate server code, thereby embedding the attacker's malicious Python payload.\u003c/li\u003e\n\u003cli\u003eThe generated server code, now containing the injected malicious Python, is executed on the host system via \u003ccode\u003esubprocess.Popen()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe injected Python code executes with the privileges of the PraisonAI process, resulting in remote code execution (RCE) and potential full compromise of the underlying server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-61444 allows an attacker with high-privileged access to achieve remote code execution on the server hosting the PraisonAI application. This can lead to complete compromise of the underlying system, enabling the attacker to execute arbitrary commands, access sensitive data, modify or delete files, and establish persistent access. The impact includes severe data breaches, system integrity compromise, and potentially further lateral movement within the compromised network. While requiring high privileges, the vulnerability's ease of exploitation once privileges are obtained makes it a critical concern for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-61444 immediately by upgrading PraisonAI to version 4.6.78 or later, as specified by the vendor.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detects CVE-2026-61444 Exploitation - PraisonAI Code Injection Attempt\u0026quot; to your SIEM and monitor web server logs for suspicious requests to \u003ccode\u003e/deploy/api.py\u003c/code\u003e containing code injection indicators.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls and regular auditing for high-privileged accounts interacting with the PraisonAI application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-10T15:19:13Z","date_published":"2026-07-10T15:19:13Z","id":"https://feed.craftedsignal.io/briefs/2026-07-praisonai-code-injection/","summary":"PraisonAI versions prior to 4.6.78 are vulnerable to a critical code injection flaw within the deploy/api.py component, allowing authenticated attackers with high privileges to inject and execute arbitrary Python code via an unsanitized 'agents_file' parameter, leading to remote code execution.","title":"PraisonAI Code Injection Vulnerability (CVE-2026-61444)","url":"https://feed.craftedsignal.io/briefs/2026-07-praisonai-code-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - PraisonAI (\u003c 4.6.78)","version":"https://jsonfeed.org/version/1.1"}