CVE-2026-56074
Deferred Deferred - Pending Action

PraisonAI Tool Approval Bypass via Cached Decisions

Vulnerability report for CVE-2026-56074, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-18

Last updated on: 2026-06-22

Assigner: VulnCheck

Description

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell commands without user consent.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-18
Last Modified
2026-06-22
Generated
2026-07-09
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praisonai praisonai to 1.5.128 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows attackers to bypass approval prompts and silently exfiltrate API keys and credentials without user consent.

Such unauthorized data exfiltration and lack of user consent can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to sensitive information and explicit user consent for data processing.

Executive Summary

PraisonAI versions before 1.5.128 have a vulnerability where tool approval decisions are cached only by the tool name and not by the specific invocation arguments. This means that once a benign command is approved, subsequent commands using the same tool name can bypass the approval prompt.

Attackers can exploit this flaw by first getting approval for a harmless command, then using the same tool name to execute malicious commands that can silently exfiltrate sensitive information such as API keys and credentials without the user's consent.

Impact Analysis

This vulnerability can lead to unauthorized execution of commands that bypass user approval, allowing attackers to silently steal sensitive information like API keys and credentials.

Such unauthorized access can compromise the security of your systems and data, potentially leading to data breaches, loss of control over your environment, and further exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56074. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart