CVE-2026-60090
PraisonAI before 4.6.78 SQL/CQL Injection via vector dimension
CVSS Score
9.8
EPSS Score
0.4%
EPSS Percentile
33th
PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection-name identifiers are validated, the dimension value (declared as int but not enforced at runtime) is interpolated directly into the vector column of the generated CREATE TABLE DDL. A caller able to influence collection-creation dimensions can pass a string such as '3); DROP TABLE tenant_secrets; --' to inject SQL/CQL tokens into the statement executed by the database driver.
| CWE | CWE-89 |
| Vendor | mervinpraison |
| Product | praisonai |
| Published | Jul 11, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for mervinpraison praisonai
Be the first to know when new critical vulnerabilities affecting mervinpraison praisonai are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
MervinPraison / PraisonAI
0 < 4.6.78
References
github.com: https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-wf65-4jjx-q444 github.com: https://github.com/MervinPraison/PraisonAI/commit/3aa9cbc2bd49c23a32be0a89a5e620d13d843eab vulncheck.com: https://www.vulncheck.com/advisories/praisonai-before-sql-cql-injection-via-vector-dimension
Credits
๐ rexpository