Prompt Injection Defense Misconfiguration in PraisonAI by Mervin Praison
CVE-2026-61439

8.7HIGH

Key Information:

Status
Vendor
CVE Published:
11 July 2026

What is CVE-2026-61439?

PraisonAI versions prior to 4.6.78 are affected by a prompt injection defense misconfiguration, where the default block threshold is set to CRITICAL severity. This flaw allows HIGH-level threat vectors to bypass defenses, leading to potential instruction overrides and financial manipulation. Such vulnerabilities may result in significant security breaches, as attacks are logged but not blocked, facilitating unauthorized access to system prompts and tool invocations.

Affected Version(s)

PraisonAI 0 < 4.6.78

PraisonAI 4.6.78

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

chakrapani150
.