Prompt Injection Defense Bypass in PraisonAI by Praison
CVE-2026-60086

6.9MEDIUM

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-60086?

The PraisonAI application prior to version 4.6.78 is susceptible to a bypass of its prompt injection defense mechanisms. Attackers may exploit this vulnerability to execute crafted single or double-vector prompt injections. These injections are categorized under a HIGH threat level and may pass through the system's defenses without triggering alerts, as the existing defense only activates against threats deemed CRITICAL. This vulnerability can lead to serious security risks by allowing unauthorized access to the model and compromising sensitive data.

Affected Version(s)

PraisonAI 0 < 4.6.78

PraisonAI 4.6.78

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SnailSploit
.