CVE-2026-42079

CVSS v3.1

8.6

High

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a

Description An agentic framework for reflective PowerPoint generation allows arbitrary code execution. This occurs because the software uses the Python eval() function to process code generated by a Large Language Model (LLM) while builtins are in scope.

Recommendations Update to the version containing commit 418491a.

Exploit

Fix

Eval Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-95

Related Identifiers

CVE-2026-42079

GHSA-89G2-XW5C-V95P

Affected Products

Pptagent

CVE-2026-42079

Weakness Enumeration

Related Identifiers

Affected Products

References · 9