CVE-2026-60087

Summary

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.

Affected Software

VendorProductVersion RangeStatus
MervinPraisonPraisonAI0 < 1.6.78affected
MervinPraisonPraisonAI1.6.78unaffected

Weaknesses

  • CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References