cvedb.io
CVE-2026-61433
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2026-07-15T12:18:18.553 · Last modified 2026-07-15T12:18:18.553

Summary

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters that execute when the generated server starts or handles requests.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.