Prompt Injection Defense Bypass in PraisonAI by Praison
CVE-2026-60086
6.9MEDIUM
What is CVE-2026-60086?
The PraisonAI application prior to version 4.6.78 is susceptible to a bypass of its prompt injection defense mechanisms. Attackers may exploit this vulnerability to execute crafted single or double-vector prompt injections. These injections are categorized under a HIGH threat level and may pass through the system's defenses without triggering alerts, as the existing defense only activates against threats deemed CRITICAL. This vulnerability can lead to serious security risks by allowing unauthorized access to the model and compromising sensitive data.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
