GHSA-qh3g-555w-f82qHighCVSS 7.3

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor...

Published
July 15, 2026
Last Modified
July 15, 2026

🔗 CVE IDs covered (1)

📋 Description

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor._exec_inline_python() due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system() calls that bypass sandbox checks and execute arbitrary OS commands with process privileges.

🔗 References (4)