CVE-2026-61434
HIGH
NVD
CVSS Score
8.8
Severity
HIGH
Published
Jul 10, 2026
Vendor
unknown
Description
PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters.