SEE MATPROOF ON YOUR STACK — BOOK A 30-MINUTE DEMO
CVEnvd11 Jul 2026

CVE-2026-61447 (CVSS 10.0) — PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox en

CVE. Sourced from nvd, summarised by Matproof.

AI Analysis

What changed and what to do.

A critical vulnerability has been published under CVE-2026-61447, affecting PraisonAI versions prior to 1.6.78. The flaw carries a CVSS score of 10.0, the highest severity rating, and involves a remote code execution risk in the CodeAgent._execute_python() function. This function executes Python code generated by a large language model without any AST validation, import restrictions, or sandboxing, meaning an attacker can inject arbitrary commands directly into the system. The vulnerability was published on July 11, 2026, by the National Vulnerability Database.

Organizations using PraisonAI for AI-driven automation, particularly in sectors such as financial services, healthcare, legal tech, and any regulated industry deploying LLM-based agents for data processing or decision support, are directly affected. Any entity that has integrated PraisonAI into their software supply chain or internal tooling should treat this as a high-priority security incident, as exploitation could lead to full system compromise, data exfiltration, or regulatory non-compliance under frameworks like GDPR, DORA, or NIS2.

Compliance teams should immediately verify the version of PraisonAI in use and upgrade to version 1.6.78 or later. If immediate patching is not possible, implement strict network segmentation and disable the CodeAgent functionality until the update is applied. Additionally, review any logs for signs of unauthorized code execution and ensure that incident response plans are updated to address AI-specific vulnerabilities. Finally, document this finding in your risk register and notify relevant data protection authorities if personal data exposure is suspected.

This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.

More CVE updates

Latest in CVE.

Live regulatory monitoring

Never miss a compliance update.

Get weekly digests of DORA, NIS2, GDPR, MaRisk, and ISO 27001 changes — straight to your inbox. Free.

No spam. Weekly digest only. Unsubscribe anytime.

DORANIS2GDPRMaRiskISO 27001

Map this to your controls

Connect regulatory changes to your compliance work.

Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.

CVE-2026-61447 (CVSS 10.0) — PraisonAI before 1.6.78 cont… — CVE | Matproof