Vulnerability  ·  2026-07-11

PraisonAI — Prompt Injection Defense Bypass via Detector-Family Threshold Gaming (CVSS 5.3)

VulnerabilityMedium impactGlobalCVE-2026-60086
PraisonAI's prompt-injection defense only blocks threats classified as CRITICAL, which requires three or more detector families to match simultaneously. Attackers can craft single- or double-vector prompt injections that evade CRITICAL classification while still achieving the injection's intended effect, bypassing the defense entirely.
This is a direct bypass of a purpose-built prompt-injection defense mechanism in an agentic AI framework — demonstrating that multi-detector-family AND-gating thresholds create exploitable gaps rather than robust protection, a cautionary finding for any framework using similar ensemble-based prompt-injection detection.
Attacker crafts prompt injection using only one or two detector-triggering vectors to stay below the three-detector-family CRITICAL threshold, evading the defense while still achieving injection effects
PraisonAI (pip package praisonaiagents) < 4.6.78
Upgrade to PraisonAI ≥4.6.78
GitHub Security Advisory GHSA-4r3p-w3mc-5v34
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →