๐Ÿ” CVE Alert

CVE-2026-61439

HIGH 7.5

PraisonAI before 4.6.78 Prompt Injection Defense Bypass

CVSS Score
7.5
EPSS Score
0.3%
EPSS Percentile
17th

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system prompt extraction and unauthorized tool invocations.

CWE CWE-1188
Vendor mervinpraison
Product praisonai
Published Jul 11, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for mervinpraison praisonai

Be the first to know when new high vulnerabilities affecting mervinpraison praisonai are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

MervinPraison / PraisonAI
0 < 4.6.78

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-fj8f-m44g-c479 vulncheck.com: https://www.vulncheck.com/advisories/praisonai-before-prompt-injection-defense-bypass

Credits

๐Ÿ” chakrapani150