Path Traversal in Mervinpraison Praisonai
CVE-2026-61445
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through…
Vulnerability class: Path Traversal (Directory Traversal)
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Mervinpraison Praisonai — versions 0, 4.6.78
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-61445?
- CVE-2026-61445 is a critical-severity vulnerability in Mervinpraison Praisonai, classified under Path Traversal. CVSS score: 9.9/10. Published 2026-07-11.
- How severe is CVE-2026-61445?
- Critical severity. CVSS v3 base score is 9.9 out of 10.