CVE-2026-60087 PUBLISHED

PraisonAI before 1.6.78 Tool Approval Cache Bypass

Assigner: VulnCheck
Reserved: 08.07.2026 Published: 15.07.2026 Updated: 15.07.2026

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor MervinPraison
Product PraisonAI
Versions Default: unaffected
  • affected from 0 to 1.6.78 (excl.)
  • Version 1.6.78 is unaffected

Credits

  • SnailSploit reporter

References

Problem Types

  • Incorrect Authorization CWE