CVE-2026-61443

Severity CVSS v4.0:
HIGH
Type:
CWE-22 Path Traversal
Publication date:
15/07/2026
Last modified:
15/07/2026

Description

PraisonAI before 1.6.78 contains a remote code execution vulnerability in SkillTools.run_skill_script() that executes scripts without path containment validation. Attackers can supply absolute file paths to execute arbitrary scripts from any filesystem location, including those outside the intended working directory.