A critical vulnerability has been published under CVE-2026-61445, affecting PraisonAI versions prior to 4.6.78. The flaw, rated CVSS 9.9, resides in the AICoder component and allows arbitrary file…
CVE-2026-60090 (CVSS 9.8) — PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection
CVE. Sourced from nvd, summarised by Matproof.
AI Analysis
What changed and what to do.
A new critical vulnerability, CVE-2026-60090, has been published with a CVSS score of 9.8, affecting PraisonAI versions prior to 4.6.78. The flaw lies in the failure to validate a caller-controlled dimension argument within the PGVector and Cassandra knowledge-store backends, specifically in the create_collection() function. This oversight could allow an attacker to manipulate database schema, keyspace, or collection structures without proper authorization, potentially leading to data corruption, unauthorized access, or service disruption.
Organizations using PraisonAI for AI-driven data management, particularly those relying on vector databases or Cassandra for knowledge storage, are directly affected. This includes sectors such as financial services, healthcare, and technology firms that deploy AI agents for compliance, risk analysis, or customer-facing applications. Any entity running PraisonAI in production or development environments with version numbers below 4.6.78 should treat this as a high-priority risk.
Compliance teams should immediately verify the version of PraisonAI in use and apply the update to version 4.6.78 or later. Conduct a rapid impact assessment to identify any systems that may have been exposed, and review access logs for unusual activity related to collection creation or schema changes. Ensure that vulnerability management processes are updated to include this CVE, and coordinate with IT security to implement network-level controls if patching is delayed. Document all actions taken for audit and regulatory reporting purposes.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.
More CVE updates
Latest in CVE.
A critical vulnerability has been published under CVE-2026-61447, affecting PraisonAI versions prior to 1.6.78. The flaw carries a CVSS score of 10.0, the highest severity rating, and involves a…
Map this to your controls
Connect regulatory changes to your compliance work.
Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.