Prompt Injection Defense Misconfiguration in PraisonAI by Mervin Praison
CVE-2026-61439
8.7HIGH
What is CVE-2026-61439?
PraisonAI versions prior to 4.6.78 are affected by a prompt injection defense misconfiguration, where the default block threshold is set to CRITICAL severity. This flaw allows HIGH-level threat vectors to bypass defenses, leading to potential instruction overrides and financial manipulation. Such vulnerabilities may result in significant security breaches, as attacks are logged but not blocked, facilitating unauthorized access to system prompts and tool invocations.
Affected Version(s)
PraisonAI 0 < 4.6.78
PraisonAI 4.6.78
