PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financial manipulation that trigger HIGH severity detection but are logged without blocking, enabling system prompt extraction and unauthorized tool invocations.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
PraisonAI versions before 4.6.78 suffer from a dangerous default configuration where prompt injection defenses are set to block only CRITICAL severity threats, leaving HIGH-level attacks unblocked and merely logged. This allows attackers to submit carefully crafted single-vector prompt injection attacks—such as instruction overrides that redirect the AI's behavior or financial manipulation prompts that alter decision-making—that register as HIGH severity but pass through without triggering blocking mechanisms. The vulnerability is particularly concerning because it enables attackers to extract system prompts and invoke unauthorized tool calls, giving them control over AI system behavior while appearing in logs as non-critical events. Organizations deploying PraisonAI for sensitive workflows, including those processing financial decisions, customer interactions, or system administration tasks, face direct risk of unauthorized AI behavior manipulation.
Casky's extended reasoning capabilities built on Claude AI can detect the attack patterns underlying this CVE by analyzing suspicious prompt sequences and behavioral anomalies that characterize prompt injection attempts. While this specific CVE doesn't map to traditional MITRE ATT&CK techniques, practitioners using Casky would identify attacks through skill-based detection of: (1) instruction override patterns where attacker prompts attempt to replace original system directives, (2) context confusion techniques that blur boundaries between user input and system instructions, and (3) tool invocation anomalies showing unauthorized function calls following high-severity detection events. In the findings dashboard, practitioners would observe logs flagged as HIGH severity with corresponding tool invocation attempts that should have triggered blocks—a clear indicator of defense misconfiguration. Extended reasoning analysis would reveal the semantic intent behind injection attempts even when formatted as benign queries, enabling security teams to identify exploitation before system compromise occurs.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-61439. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation