Vulnerability in Mervinpraison Praisonai
CVE-2026-60086
PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft…
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Mervinpraison Praisonai — versions 0, 4.6.78
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-60086?
- CVE-2026-60086 is a medium-severity vulnerability in Mervinpraison Praisonai, classified under Protection Mechanism Failure. CVSS score: 5.3/10. Published 2026-07-10.
- How severe is CVE-2026-60086?
- Medium severity. CVSS v3 base score is 5.3 out of 10.