Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-61433

HIGH NVD
CVSS Score 7.8
Severity HIGH
Published Jul 15, 2026
Vendor unknown

Description

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters that execute when the generated server starts or handles requests.

References