CVE-2026-60087

medium

Description

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.

References

https://www.vulncheck.com/advisories/praisonai-before-tool-approval-cache-bypass

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-29r9-67vg-qj56

Details

Source: Mitre, NVD

Published: 2026-07-15

Updated: 2026-07-15

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Severity: Medium