CVE-2026-61433
HIGH
NVD
CVSS Score
7.8
Severity
HIGH
Published
Jul 15, 2026
Vendor
unknown
Description
PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agents_file configuration parameters that execute when the generated server starts or handles requests.