CVE-2026-60087: Incorrect Authorization in MervinPraison PraisonAI
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.
AI Analysis
Technical Summary
CVE-2026-60087 describes an incorrect authorization vulnerability in MervinPraison's PraisonAI product prior to version 1.6.78. The product caches tool approval decisions solely by tool name, which enables attackers to bypass intended authorization checks by reusing approvals from benign operations to perform unauthorized, potentially harmful file write operations with arbitrary arguments in the same session. This flaw arises from insufficient validation of parameters after initial approval caching.
Potential Impact
An attacker who obtains approval for a benign operation can exploit this vulnerability to execute dangerous file write operations with unreviewed parameters, potentially leading to unauthorized modification of files. This could compromise system integrity or lead to further exploitation depending on the environment where PraisonAI is deployed.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to PraisonAI to trusted users only and monitor for suspicious activity involving tool approvals. Avoid approving operations unless fully verified. No vendor advisory or patch information is currently provided.
CVE-2026-60087: Incorrect Authorization in MervinPraison PraisonAI
Description
PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation and then executing dangerous file write operations with unreviewed parameters in the same session.
CVSS v4.0
Score 6.9medium
Affected software
pkg:github/mervinpraison/PraisonAIRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-60087 describes an incorrect authorization vulnerability in MervinPraison's PraisonAI product prior to version 1.6.78. The product caches tool approval decisions solely by tool name, which enables attackers to bypass intended authorization checks by reusing approvals from benign operations to perform unauthorized, potentially harmful file write operations with arbitrary arguments in the same session. This flaw arises from insufficient validation of parameters after initial approval caching.
Potential Impact
An attacker who obtains approval for a benign operation can exploit this vulnerability to execute dangerous file write operations with unreviewed parameters, potentially leading to unauthorized modification of files. This could compromise system integrity or lead to further exploitation depending on the environment where PraisonAI is deployed.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to PraisonAI to trusted users only and monitor for suspicious activity involving tool approvals. Avoid approving operations unless fully verified. No vendor advisory or patch information is currently provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-07-08T12:14:28.344Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a57771e68715ace43a93b7d
Added to database: 07/15/2026, 12:03:42 UTC
Last enriched: 07/15/2026, 12:19:23 UTC
Last updated: 07/15/2026, 14:42:22 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.