Currently free during beta - premium features coming soon. Subscribe now to lock in early access.

CVE-2026-60090 (CVSS 9.8) — PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVector and Cassandra knowledge-store create_collection() backends. Although schema, keyspace, and collection

CVE Vulnerabilities & CVEs · · nvd

AI Analysis

A new critical vulnerability, CVE-2026-60090, has been published with a CVSS score of 9.8, affecting PraisonAI versions prior to 4.6.78. The flaw lies in the failure to validate a caller-controlled dimension argument within the PGVector and Cassandra knowledge-store backends, specifically in the create_collection() function. This oversight could allow an attacker to manipulate database schema, keyspace, or collection structures without proper authorization, potentially leading to data corruption, unauthorized access, or service disruption.

Organizations using PraisonAI for AI-driven data management, particularly those relying on vector databases or Cassandra for knowledge storage, are directly affected. This includes sectors such as financial services, healthcare, and technology firms that deploy AI agents for compliance, risk analysis, or customer-facing applications. Any entity running PraisonAI in production or development environments with version numbers below 4.6.78 should treat this as a high-priority risk.

Compliance teams should immediately verify the version of PraisonAI in use and apply the update to version 4.6.78 or later. Conduct a rapid impact assessment to identify any systems that may have been exposed, and review access logs for unusual activity related to collection creation or schema changes. Ensure that vulnerability management processes are updated to include this CVE, and coordinate with IT security to implement network-level controls if patching is delayed. Document all actions taken for audit and regulatory reporting purposes.

Get notified about CVE changes

Subscribe to our free weekly digest covering 24 compliance frameworks.