CVE-2026-60087
Received Received - Intake

PraisonAI Session Reuse of Tool Approval Bypass

Vulnerability report for CVE-2026-60087, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: VulnCheck

Description

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praisonai praisonai to 1.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

PraisonAI before version 1.6.78 caches tool approval decisions based only on the tool name, not the arguments. This allows attackers to reuse an initial approval for a benign operation to execute dangerous file write operations with arbitrary parameters in the same session without further review.

Executive Summary

PraisonAI before version 1.6.78 caches tool approval decisions based only on the tool name, not the arguments. This allows attackers to reuse an initial approval for a benign operation to execute dangerous file write operations with arbitrary parameters in the same session without further review.

Impact Analysis

An attacker could exploit this to bypass security controls by first getting approval for a safe action like writing to a non-critical file, then using that cached approval to write to sensitive system files or perform other unauthorized actions without additional checks.

Compliance Impact

This vulnerability could lead to unauthorized data access or modification, violating integrity and confidentiality requirements in GDPR and HIPAA. Organizations using PraisonAI may fail compliance audits due to insufficient authorization controls for sensitive operations.

Detection Guidance

To detect this vulnerability, inspect PraisonAI logs for tool approvals that reuse cached decisions without re-evaluating arguments. Check if write_file or similar tools are approved once and then used with different paths in the same session. Look for inconsistencies in approval logs where benign operations are followed by unauthorized file writes.

Mitigation Strategies

Upgrade PraisonAI to version 1.6.78 or later to address the caching flaw. Review and clear any existing approval caches in running sessions. Implement stricter approval checks that include tool arguments in cache keys. Disable inheritance of approval caches in child tasks if possible.

Impact Analysis

An attacker could trick a user into approving a safe action like writing to a harmless file. The system would then allow the attacker to write to sensitive files or execute malicious operations without additional approvals during the same session.

Compliance Impact

This vulnerability could lead to unauthorized data access or modification, violating GDPR's integrity and confidentiality requirements and HIPAA's safeguards for protected health information. It undermines audit controls and access management.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60087. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart