Tool Approval Cache Bypass in PraisonAI by Mervin Praison
CVE-2026-60087
6.9MEDIUM
What is CVE-2026-60087?
PraisonAI versions prior to 1.6.78 are vulnerable due to a flaw that allows attackers to exploit cached tool approval decisions. This vulnerability occurs because the system only caches approvals based on the tool name, enabling malicious actors to reuse these approvals for unauthorized operations in the same session. By initially obtaining approval for a benign action, an attacker may execute harmful file write operations using unverified parameters, thus compromising the integrity and security of the application.
Affected Version(s)
PraisonAI 0 < 1.6.78
PraisonAI 1.6.78
