PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write restrictions are completely ignored. Attackers can execute arbitrary subprocess commands, read sensitive files, and perform destructive operations despite explicit security policy configuration.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-60085 exposes a critical flaw in PraisonAI versions before 4.6.78 where the Subprocess Sandbox backend completely ignores all configured security restrictions. Despite administrators explicitly setting blocked_commands, blocked_paths, blocked_imports, allow_subprocess, and allow_file_write policies, these controls are unenforced, allowing attackers to execute arbitrary subprocess commands, access sensitive files, and perform destructive operations. This vulnerability is particularly dangerous for organizations deploying PraisonAI as an AI agent platform, as it transforms what should be a sandboxed, controlled environment into an unrestricted execution context. Any user or compromised integration with access to PraisonAI can bypass intended security boundaries, making this a high-severity issue (CVSS 7.5) affecting the integrity and confidentiality of systems relying on these controls.
While CVE-2026-60085 has no mapped MITRE ATT&CK techniques listed, the attack patterns it enables align with command execution and file access abuse tactics. Practitioners using Casky.ai would detect suspicious activity through Claude's extended reasoning capabilities by identifying anomalous subprocess invocations, unauthorized file system access attempts, and import statements that violate configured policies. Security teams should monitor for execution patterns that conflict with documented sandbox rules—such as subprocess calls to dangerous commands when allow_subprocess is false, file writes to protected paths, or imports of restricted modules. Casky's skill correlation would highlight these policy violations across the 754 security skills mapped to ATT&CK, enabling practitioners to recognize and respond to exploitation attempts before attackers achieve persistent access or data exfiltration.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-60085. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation