๐Ÿ” CVE Alert

CVE-2026-56074

MEDIUM 5.5

PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching

CVSS Score: 5.5
EPSS Score: 0.0%
EPSS Percentile: 0th

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. An attacker can exploit this by obtaining initial approval for a benign command and then silently exfiltrating API keys and credentials via subsequent shell commands without user consent.
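
The difference between caching an approval by tool name and binding it to the invocation arguments, as an added example. This is not PraisonAI's code: the class names, the `replay` helper and the sample commands are constructed for illustration.

```python
import hashlib
import json
# Constructed sample: the user would approve only the directory listing.
USER_WOULD_APPROVE = {"ls -la"}
CALLS = [("execute_command", {"command": c}) for c in ("ls -la", "printenv", "ls -la")]


class NameKeyedApprovals:
    """Flawed pattern: one approval covers every later call to the same tool."""

    def __init__(self, ask):
        self.ask = ask  # callback that prompts the user and returns a bool
        self.approved = set()

    def _key(self, tool, args):
        return tool  # arguments are ignored

    def is_allowed(self, tool, args):
        key = self._key(tool, args)
        if key in self.approved:
            return True  # cache hit: no prompt is shown
        if self.ask(tool, args):
            self.approved.add(key)
            return True
        return False


class ArgKeyedApprovals(NameKeyedApprovals):
    """Hardened pattern: an approval is bound to the exact arguments."""

    def _key(self, tool, args):
        canonical = json.dumps(args, sort_keys=True, separators=(",", ":"))
        return (tool, hashlib.sha256(canonical.encode()).hexdigest())


def replay(gate_cls, calls=CALLS):
    """Return (commands the user was prompted for, allow/deny per call)."""
    prompted = []
    def ask(tool, args):
        prompted.append(args["command"])
        return args["command"] in USER_WOULD_APPROVE
    gate = gate_cls(ask)
    return prompted, [gate.is_allowed(tool, args) for tool, args in calls]


if __name__ == "__main__":
    for cls in (NameKeyedApprovals, ArgKeyedApprovals):
        print(cls.__name__, *replay(cls))
```

With the name-keyed cache the user is prompted once and all three calls run; with the argument-keyed cache the second command triggers its own prompt and is denied, while the repeated first command still reuses its approval.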

CWE: CWE-863
Vendor: praisonai
Product: praisonai
Published: Jun 18, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Affected Versions

PraisonAI / PraisonAI
0 < 1.5.128

References

github.com: https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-ffp3-3562-8cv3
vulncheck.com: https://www.vulncheck.com/advisories/praisonai-tool-approval-cache-bypass-via-coarse-grained-caching

Credits

๐Ÿ” offset