PT-2026-60134 · Mervinpraison · Praisonai

Snailsploit

·

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-60087

CVSS v3.1

6.1

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-60087

Affected Products

Praisonai