Product
Attackers can exploit CVE-2026-61447, a critical remote code execution vulnerability in PraisonAI versions before 1.6.78, by using prompt injection to manipulate LLM-generated Python code, leading to arbitrary code execution and exfiltration of environment secrets on the host system.