Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-60085

HIGH NVD
CVSS Score 7.5
Severity HIGH
Published Jul 15, 2026
Vendor unknown

Description

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.

References