Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-61434

HIGH NVD
CVSS Score 8.8
Severity HIGH
Published Jul 10, 2026
Vendor unknown

Description

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters.

References