GHSA-qpq9-hwx9-cwgcHighCVSS 7.8

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating...

Published
July 15, 2026
Last Modified
July 15, 2026

🔗 CVE IDs covered (1)

📋 Description

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters that execute when the generated server starts or handles requests.

🔗 References (5)