PT-2026-57437 · Praisonai · Praisonai
Chakrapani150
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-61439
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
PraisonAI versions prior to 4.6.78
Description
A prompt injection defense misconfiguration exists where the block threshold defaults to CRITICAL severity. This allows threats categorized as HIGH severity to pass through without being blocked. Attackers can utilize single-vector prompt injection attacks, such as instruction overrides or financial manipulation, which trigger HIGH severity detection but are only logged. This flaw enables the extraction of system prompts and unauthorized tool invocations.
Recommendations
Update to version 4.6.78 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Praisonai