Auth bypass in Mervinpraison Praisonai

CVE-2026-60087

PraisonAI before 1.6.78 caches tool approval decisions by tool name only, allowing attackers to reuse initial approvals for subsequent calls with arbitrary arguments. Attackers can exploit this by obtaining approval for a benign operation…

Vulnerability class: Broken Access Control

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-60087?
CVE-2026-60087 is a medium-severity vulnerability in Mervinpraison Praisonai, classified under Incorrect Authorization. CVSS score: 6.1/10. Published 2026-07-15.
How severe is CVE-2026-60087?
Medium severity. CVSS v3 base score is 6.1 out of 10.