PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.run_skill_script() that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended working directory.
Metrics
Affected Vendors & Products
References
History
Wed, 15 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mervinpraison
Mervinpraison praisonai |
|
| Vendors & Products |
Mervinpraison
Mervinpraison praisonai |
Wed, 15 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.run_skill_script() that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended working directory. | |
| Title | PraisonAI before 1.6.78 Remote Code Execution via SkillTools | |
| First Time appeared |
Praison
Praison praisonai |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Praison
Praison praisonai |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-15T12:14:45.603Z
Reserved: 2026-07-09T14:05:47.928Z
Link: CVE-2026-61443
Updated: 2026-07-15T12:13:43.490Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T22:30:06Z