PT-2026-57437 · Praisonai · Praisonai

Chakrapani150

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-61439

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.78
Description A prompt injection defense misconfiguration exists where the block threshold defaults to CRITICAL severity. This allows threats categorized as HIGH severity to pass through without being blocked. Attackers can utilize single-vector prompt injection attacks, such as instruction overrides or financial manipulation, which trigger HIGH severity detection but are only logged. This flaw enables the extraction of system prompts and unauthorized tool invocations.
Recommendations Update to version 4.6.78 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61439
GHSA-FJ8F-M44G-C479

Affected Products

Praisonai