GHSA-vc46-vw85-3wvm: PraisonAI has critical RCE via `type: job` workflow YAML

April 10, 2026

praisonai workflow run <file.yaml> loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in job_workflow.py.

This supports:

run: → shell command execution via subprocess.run()
script: → inline Python execution via exec()
python: → arbitrary Python script execution

A malicious YAML file can execute arbitrary host commands.

References

github.com/MervinPraison/PraisonAI
github.com/MervinPraison/PraisonAI/releases/tag/v4.5.139
github.com/MervinPraison/PraisonAI/security/advisories/GHSA-vc46-vw85-3wvm
github.com/advisories/GHSA-vc46-vw85-3wvm

Code Behaviors & Features

Detect and mitigate GHSA-vc46-vw85-3wvm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →