Back to CVE List

CVE-2026-60085

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-273
Source
NVD
Vendor
MervinPraison
Product
PraisonAI

External References

Discussion (0)

Add Comment

No comments yet. Be the first!