{"data":{"id":"8df919e7-f82f-4846-9e0f-21f430993fb9","title":"CVE-2026-60086: PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks","summary":"PraisonAI versions before 4.6.78 have a vulnerability where its defense against prompt injection (tricking an AI by hiding instructions in its input) is too weak. The defense only blocks attacks rated as CRITICAL threat level, but attackers can create single or double-vector attacks rated as HIGH threat level that slip through unblocked to reach the AI model.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-60086","publishedAt":"2026-07-10T15:16:49.417Z","cveId":"CVE-2026-60086","cweIds":["CWE-693"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-10T15:16:49.417Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0051"]}}