Skip to main content
CVE-2026-61447 CRITICAL PATCH Act Now

Remote code execution in PraisonAI before 1.6.78 allows attackers to run arbitrary Python on the host by manipulating the LLM that drives the CodeAgent component. Because CodeAgent._execute_python() runs LLM-generated code with no AST validation, import restrictions, or sandbox, an attacker who can shape model output via prompt injection can exfiltrate all environment secrets and gain full control of the agent host. VulnCheck reports the flaw with a maximum CVSS 4.0 score of 10.0; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Code Injection Python RCE Praisonai
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.5%
CVE-2026-57827 CRITICAL Act Now

Unauthenticated arbitrary file upload in the RSFiles download-manager extension for Joomla (by RSJoomla) lets remote attackers upload executable files (e.g. PHP web shells) and achieve full remote code execution on the hosting server. The CVSS 4.0 threat metrics flag exploitation as active (E:A) and automatable (AU:Y), and NVD/ADP assigns maximum urgency, but no CISA KEV listing was provided in this data. A vendor product page and a third-party technical writeup are referenced; standalone public exploit code was not confirmed in the supplied sources.

File Upload Rsjoomla Com Rsfiles Extension For Joomla
NVD VulDB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2026-61445 CRITICAL PATCH Act Now

Root-level command execution and arbitrary file write in PraisonAI's AICoder component (all versions before 4.6.78) let an attacker with chat-interface access weaponize LLM tool calls: because file paths are not validated and shell commands are not sanitized, a crafted prompt can write files anywhere on the host and run arbitrary shell commands as root. Reported by VulnCheck and fixed in 4.6.78, this is a CVSS 9.4 (v4.0) flaw with no public exploit identified at time of analysis, though the injection path is trivial to trigger for any user who can reach the chat.

Path Traversal Praisonai
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2026-60090 CRITICAL PATCH Act Now

SQL/CQL injection in PraisonAI's PGVector and Cassandra knowledge-store backends before 4.6.78 allows a caller who controls the create_collection() dimension argument to inject arbitrary database tokens. Although the code validates schema, keyspace, and collection-name identifiers, the dimension value - typed as int but never enforced at runtime - is string-interpolated directly into the vector column of the generated CREATE TABLE DDL, so a payload like '3); DROP TABLE tenant_secrets; --' executes against the backing database. No public exploit identified at time of analysis; the flaw was reported by VulnCheck and a vendor patch is available.

SQLi Praisonai
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-57828 CRITICAL Act Now

Arbitrary file upload in the Phoca Download extension for Joomla lets any authenticated registered user upload executable files (e.g. PHP) that the server will run, yielding full remote code execution. The flaw is scored 9.0 (CVSS 4.0) and is exploitable over the network by low-privilege accounts, so any site permitting self-registration is directly at risk. A public technical write-up describing the RCE technique exists, though no active exploitation has been confirmed by CISA KEV.

File Upload Phoca Cz Phoca Download Extension For Joomla
NVD VulDB
CVSS 4.0
9.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy