SEE MATPROOF ON YOUR STACK — BOOK A 30-MINUTE DEMO
CVEnvd11 Jul 2026

CVE-2026-61445 (CVSS 9.9) — PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attacker

CVE. Sourced from nvd, summarised by Matproof.

AI Analysis

What changed and what to do.

A critical vulnerability has been published under CVE-2026-61445, affecting PraisonAI versions prior to 4.6.78. The flaw, rated CVSS 9.9, resides in the AICoder component and allows arbitrary file write and command execution due to missing path validation and command sanitization in LLM tool calls. This means an attacker could exploit the vulnerability to write malicious files or execute arbitrary commands on the affected system, potentially leading to full system compromise.

Organizations using PraisonAI for AI-driven code generation, automation, or LLM-based tooling are directly affected. This includes sectors such as financial services, healthcare, technology, and any regulated industry deploying AI-assisted development or operational workflows. Given the high severity score, any entity with PraisonAI in their software supply chain or internal tooling should treat this as a priority.

Compliance teams should immediately verify their PraisonAI version and upgrade to version 4.6.78 or later. Conduct a risk assessment to determine if the vulnerable component is exposed to untrusted inputs or network access. Review and update incident response plans to account for potential exploitation, and ensure that any affected systems are isolated or patched without delay. Document remediation actions for audit and regulatory reporting purposes.

This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.

More CVE updates

Latest in CVE.

Live regulatory monitoring

Never miss a compliance update.

Get weekly digests of DORA, NIS2, GDPR, MaRisk, and ISO 27001 changes — straight to your inbox. Free.

No spam. Weekly digest only. Unsubscribe anytime.

DORANIS2GDPRMaRiskISO 27001

Map this to your controls

Connect regulatory changes to your compliance work.

Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.

CVE-2026-61445 (CVSS 9.9) — PraisonAI before 4.6.78 conta… — CVE | Matproof