Path Traversal in Mervinpraison Praisonai

CVE-2026-61445

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through…

Vulnerability class: Path Traversal (Directory Traversal)

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-61445?
CVE-2026-61445 is a critical-severity vulnerability in Mervinpraison Praisonai, classified under Path Traversal. CVSS score: 9.9/10. Published 2026-07-11.
How severe is CVE-2026-61445?
Critical severity. CVSS v3 base score is 9.9 out of 10.