CVE-2026-61446: Improper Control of Generation of Code ('Code Injection') in MervinPraison PraisonAI
PraisonAI (praisonaiagents) before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python (.py) files from project-level and user-home .praisonai/plugins/ directories using importlib spec_from_file_location() and exec_module() without code signing, integrity verification, or sandboxing. An attacker who can write a malicious .py file to a plugin directory (for example via path traversal, a supply chain attack, or a compromised dependency) achieves arbitrary code execution when the plugin system initializes.
AI Analysis
Technical Summary
CVE-2026-61446 describes a remote code execution vulnerability in MervinPraison's PraisonAI before version 1.6.78. The plugin manager uses importlib's spec_from_file_location() and exec_module() to load Python plugins from project-level and user-home .praisonai/plugins/ directories without code signing, integrity checks, or sandboxing. If an attacker can write a malicious Python file to these directories—via path traversal, supply chain compromise, or other means—they can achieve arbitrary code execution during plugin initialization. The vulnerability has a CVSS 4.0 score of 8.6, indicating high impact with low attack complexity and no required privileges or user interaction.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary Python code remotely on the affected system without requiring privileges or user interaction. This can lead to full system compromise, data theft, or further malicious activity. The vulnerability arises from the lack of code signing and integrity verification in the plugin loading process.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict write access to the .praisonai/plugins/ directories to trusted users only and monitor for unauthorized file additions. Avoid using untrusted plugins or dependencies that could write to these directories.
CVE-2026-61446: Improper Control of Generation of Code ('Code Injection') in MervinPraison PraisonAI
Description
PraisonAI (praisonaiagents) before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python (.py) files from project-level and user-home .praisonai/plugins/ directories using importlib spec_from_file_location() and exec_module() without code signing, integrity verification, or sandboxing. An attacker who can write a malicious .py file to a plugin directory (for example via path traversal, a supply chain attack, or a compromised dependency) achieves arbitrary code execution when the plugin system initializes.
CVSS v4.0
Score 8.6high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-61446 describes a remote code execution vulnerability in MervinPraison's PraisonAI before version 1.6.78. The plugin manager uses importlib's spec_from_file_location() and exec_module() to load Python plugins from project-level and user-home .praisonai/plugins/ directories without code signing, integrity checks, or sandboxing. If an attacker can write a malicious Python file to these directories—via path traversal, supply chain compromise, or other means—they can achieve arbitrary code execution during plugin initialization. The vulnerability has a CVSS 4.0 score of 8.6, indicating high impact with low attack complexity and no required privileges or user interaction.
Potential Impact
Successful exploitation allows an attacker to execute arbitrary Python code remotely on the affected system without requiring privileges or user interaction. This can lead to full system compromise, data theft, or further malicious activity. The vulnerability arises from the lack of code signing and integrity verification in the plugin loading process.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict write access to the .praisonai/plugins/ directories to trusted users only and monitor for unauthorized file additions. Avoid using untrusted plugins or dependencies that could write to these directories.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-07-09T14:06:14.016Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a57772068715ace43a93bbf
Added to database: 07/15/2026, 12:03:44 UTC
Last enriched: 07/15/2026, 12:17:49 UTC
Last updated: 07/15/2026, 20:50:48 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.