HIGHCVE-2026-42079Published 2026-05-04Modified 2026-05-04CNA GitHub_M

CVE-2026-42079: PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

CVSS v3.1: 8.6
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

icip-cas / PPTAgent
< 418491a9a1c02d9d93194b5973bb58df35cf9d00

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References

https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-89g2-xw5c-v95p
https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00

Metrics