CVE-2026-60087

Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
15/07/2026
Last modified:
15/07/2026

Description

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.