ГлавнаяУязвимости → CVE-2026-61434
8.8высокая

CVE-2026-61434

Описание

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -delete actions. Attackers can craft find commands with these built-in actions to read blocked files, delete files, or execute non-allowlisted binaries without triggering shell metacharacter filters.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfhhttps://www.vulncheck.com/advisories/praisonai-before-allowlist-bypass-via-find-exechttps://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cv3g-hj65-pcfh