Tool Approval Cache Bypass in PraisonAI by Mervin Praison
CVE-2026-60087

6.9MEDIUM

Key Information:

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-60087?

PraisonAI versions prior to 1.6.78 are vulnerable due to a flaw that allows attackers to exploit cached tool approval decisions. This vulnerability occurs because the system only caches approvals based on the tool name, enabling malicious actors to reuse these approvals for unauthorized operations in the same session. By initially obtaining approval for a benign action, an attacker may execute harmful file write operations using unverified parameters, thus compromising the integrity and security of the application.

Affected Version(s)

PraisonAI 0 < 1.6.78

PraisonAI 1.6.78

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SnailSploit
.