Product
A critical vulnerability, CVE-2026-61437, in PraisonAI's `praisonaiagents` pip package before version 1.6.78 allows an attacker to achieve remote code execution by exploiting an unsafe dynamic module loading mechanism when a malicious workflow file and an adjacent `tools.py` are executed, bypassing sandboxing and leading to arbitrary Python code execution with workflow runner privileges.