CVE-2026-60090
Received Received - Intake

SQL Injection in PraisonAI PGVector and Cassandra Backends

Vulnerability report for CVE-2026-60090, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value (declared as int but not enforced at runtime) is interpolated directly into the vector column of the generated CREATE TABLE DDL. A caller able to influence collection-creation dimensions can pass a string such as '3); DROP TABLE tenant_secrets; --' to inject SQL/CQL tokens into the statement executed by the database driver.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
praisonai praisonai to 4.6.78 (exc)
mervinpraison praisonai to 4.6.78 (exc)
mervinpraison praisonai From 3.10.0 (inc) to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-60090 is a critical SQL/CQL injection vulnerability in PraisonAI versions before 4.6.78. The issue arises because the application fails to properly validate the 'dimension' argument in the PGVector and Cassandra knowledge-store create_collection() backends.

Although other identifiers like schema, keyspace, and collection-name are validated, the dimension value, which is declared as an integer but not enforced at runtime, is directly interpolated into the vector column of the generated CREATE TABLE DDL statement.

This allows an attacker who can influence the dimension parameter to inject malicious SQL or CQL tokens, such as a crafted string like '3); DROP TABLE tenant_secrets; --', which gets executed by the database driver, potentially causing harmful database operations.

Impact Analysis

This vulnerability can lead to unauthorized execution of SQL or CQL commands on the database used by PraisonAI, allowing an attacker to manipulate database objects.

  • An attacker could inject commands to drop tables, such as sensitive tables like 'tenant_secrets', leading to data loss.
  • The impact depends on the database permissions granted to the application; if high privileges are present, the attacker could cause severe damage.
  • Overall, this can result in data corruption, loss, or unauthorized data manipulation.
Detection Guidance

This vulnerability arises from improper validation of the 'dimension' argument in the PGVector and Cassandra knowledge-store create_collection() backends of PraisonAI before version 4.6.78. Detection involves identifying if your system is running a vulnerable version of PraisonAI (before 4.6.78) and if the application uses these specific backends.

To detect exploitation attempts or presence of this vulnerability, you can monitor database logs for suspicious CREATE TABLE statements containing unexpected SQL tokens such as 'DROP TABLE' or other injected commands within vector dimension parameters.

Since the vulnerability involves SQL/CQL injection via the dimension parameter, you can also audit application logs or network traffic for unusual or malformed collection creation requests that include non-integer or suspicious dimension values.

Specific commands depend on your environment, but examples include:

  • Checking PraisonAI version: `praisonai --version` or inspecting installed package versions.
  • Searching database logs for suspicious DDL statements, e.g., for PostgreSQL logs: `grep -i "CREATE TABLE" /var/log/postgresql/postgresql.log | grep -E "DROP TABLE|; --"`
  • Monitoring application logs for collection creation calls with non-integer dimension values.
  • Using network monitoring tools to capture and inspect traffic for suspicious payloads targeting the dimension parameter.
Mitigation Strategies

The primary and immediate mitigation step is to upgrade PraisonAI to version 4.6.78 or later, where this vulnerability has been fixed.

If upgrading immediately is not possible, ensure that the application validates the 'dimension' parameter strictly as a positive integer within the supported range before it is used in any database DDL statements.

Additionally, restrict database permissions to minimize the impact of any potential injection, for example by limiting the application's ability to execute DDL statements or drop tables.

Monitor logs for suspicious activity and consider implementing Web Application Firewall (WAF) rules to detect and block injection attempts targeting the dimension parameter.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60090. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart