CVE-2026-60087
MEDIUM Exploitation: PoC
6.1
CVSS 3.1
Description
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.
Metadata
Severity & Metrics
6.1
MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| MervinPraison | PraisonAI | — | 0 < 1.6.78, 1.6.78 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-863 | cna | Incorrect Authorization |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N |
| 6.1 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L |
References (2)
- GitHub Security Advisory (GHSA-29r9-67vg-qj56) https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-29r9-67vg-qj56
- VulnCheck Advisory: PraisonAI before 1.6.78 Tool Approval Cache Bypass https://www.vulncheck.com/advisories/praisonai-before-tool-approval-cache-bypass