PT-2026-60134 · Mervinpraison · Praisonai
Snailsploit
·
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-60087
CVSS v3.1
6.1
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L |
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.
Exploit
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Praisonai