CVE-2026-56074

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N                                    

Vulnerability Description

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell commands without user consent.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-863

Source

NVD

Vendor

PraisonAI

Product

PraisonAI

External References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-ffp3-3562-8cv3
https://www.vulncheck.com/advisories/praisonai-tool-approval-cache-bypass-via-coarse-grained-caching

CVE-2026-56074

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment