CVE-2026-61439 in PraisonAIinfo

Summary

by MITRE • 07/11/2026

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system prompt extraction and unauthorized tool invocations.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/11/2026

The vulnerability in PraisonAI versions prior to 4.6.78 represents a critical misconfiguration in the prompt injection defense mechanism that fundamentally undermines the security posture of the system. This flaw exists within the threshold-based detection framework where the default block severity level is incorrectly set to CRITICAL, creating a dangerous gap in protection for HIGH severity threats that should be automatically blocked. The configuration error stems from a failure to properly align the detection sensitivity levels with appropriate response actions, allowing malicious actors to exploit this inconsistency in their attack vectors.

The technical implementation of this vulnerability manifests through the system's inability to properly categorize and respond to different severity levels of prompt injection attempts. When attackers submit single-vector prompt injection attacks such as instruction overrides or financial manipulation patterns, these threats trigger detection mechanisms that correctly identify them as HIGH severity issues but fail to execute the blocking action. This creates a scenario where potentially dangerous prompts are logged for audit purposes while simultaneously remaining active within the system, enabling unauthorized access to underlying tools and functions.

The operational impact of this vulnerability extends beyond simple logging failures to encompass significant security risks including system prompt extraction and unauthorized tool invocations. Attackers can leverage the HIGH severity threats that pass through undetected to manipulate system behavior through carefully crafted injection vectors, potentially gaining access to sensitive functionality or data processing capabilities. The logging mechanism, while capturing these incidents, provides no protection against exploitation since the blocking action is never executed, effectively creating a false sense of security for administrators who may believe the system is properly defending against such attacks.

This misconfiguration aligns with common weaknesses identified in CWE-352 Cross-Site Request Forgery and CWE-79 Cross-Site Scripting categories where improper input validation leads to unauthorized actions. The vulnerability also maps to ATT&CK technique T1059.001 Command and Scripting Interpreter where attackers can execute malicious commands through prompt injection, and T1566.001 Phishing: Spearphishing Attachment which demonstrates how attackers can bypass security controls through carefully constructed input vectors. Organizations using affected versions of PraisonAI face increased risk of data manipulation, unauthorized system access, and potential escalation of privileges through these undetected prompt injection attacks.

The recommended mitigation strategy involves immediate upgrading to PraisonAI version 4.6.78 or later where the block threshold configuration has been corrected to properly handle HIGH severity threats. Additionally, organizations should implement monitoring of the logging system to detect any instances where HIGH severity threats are being logged without blocking actions, and consider implementing additional detection layers to identify potential prompt injection attempts that may bypass the primary defenses. Security teams should also conduct thorough reviews of all prompt injection defense configurations to ensure proper alignment between detection sensitivity levels and appropriate response actions across all security controls.

Responsible

VulnCheck

Reservation

07/09/2026

Disclosure

07/11/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!