CVE-2026-61439
Received Received - Intake

Prompt Injection Defense Bypass in PraisonAI

Vulnerability report for CVE-2026-61439, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system prompt extraction and unauthorized tool invocations.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praisonai praisonai to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61439 is a vulnerability in PraisonAI versions before 4.6.78 caused by a misconfiguration in the prompt injection defense mechanism.

The defense system is designed to block threats classified as CRITICAL severity, which requires multiple detection checks to fail simultaneously. However, this setting allows HIGH severity threats to pass through unblocked.

Attackers can exploit this by submitting single-vector prompt injection attacks, such as instruction overrides or financial manipulation, that are detected as HIGH severity but only logged without blocking.

This enables attackers to extract system prompts, invoke unauthorized tools, manipulate financial transactions, or exfiltrate context from the system.

Impact Analysis

This vulnerability can have serious impacts by allowing attackers to bypass the prompt injection defense and interact with the system in unauthorized ways.

  • System prompt extraction, which can reveal sensitive internal prompts.
  • Unauthorized invocation of tools or commands within the system.
  • Manipulation of financial transactions if the system supports such operations.
  • Exfiltration of sensitive context or data from the system.

Overall, the vulnerability undermines the security of the AI system by allowing high-severity attacks to proceed unchecked, potentially leading to data breaches or unauthorized actions.

Detection Guidance

This vulnerability involves prompt injection attacks that are logged as HIGH severity but not blocked due to a misconfigured defense threshold. Detection involves monitoring logs for HIGH severity prompt injection attempts such as instruction overrides or financial manipulation.

Since the defense system scans LLM inputs for six detection categories and logs HIGH severity events without blocking, you should review the system or application logs for any HIGH severity prompt injection alerts.

Specific commands are not provided in the available resources, but general detection steps include:

  • Check application or system logs for entries marked as HIGH severity prompt injection attempts.
  • Use log filtering commands such as `grep 'HIGH severity' /path/to/praisonai/logs` on Linux systems to identify suspicious prompt injection attempts.
  • Monitor network traffic for unusual requests to the PraisonAI service that may contain prompt injection payloads.
Mitigation Strategies

The primary mitigation is to update the PraisonAI package to version 4.6.78 or later, where the prompt injection defense threshold is correctly set to block HIGH severity threats.

If immediate updating is not possible, a recommended fix is to change the default block threshold from "CRITICAL" to "HIGH" in the configuration or code, ensuring that any single dangerous-category match triggers blocking.

This fix is described as a one-line code adjustment that changes the blocking threshold to be more sensitive.

Additionally, monitor logs closely for HIGH severity prompt injection attempts and consider implementing additional manual or automated filtering until the fix is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61439. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart