{"data":{"id":"229ff849-ccce-4f28-b628-2ca938a393e2","title":"CVE-2026-61439: PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults ","summary":"PraisonAI versions before 4.6.78 have a security misconfiguration in their prompt injection defense (a security feature that blocks attempts to trick an AI into ignoring its instructions). The defense is set to only block attacks marked as CRITICAL severity, which means HIGH-severity attacks slip through without being blocked, allowing attackers to extract hidden system prompts and trigger unauthorized tool use.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-61439","publishedAt":"2026-07-11T14:16:22.870Z","cveId":"CVE-2026-61439","cweIds":["CWE-1188"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-11T14:16:22.870Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0051"]}}