{"vulnerability": "CVE-2026-60090", "sightings": [{"uuid": "7abec77e-7af2-4dd5-bcba-0bbb03d8fc22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqeulm7xao2h", "content": "CVE-2026-60090\nPraisonAI's knowledge-store in versions before 4.6.78 fails to check user input, allowing malicious users to inject SQL or Cassandra Query Language (CQL) code. This could potentially allow them to access or\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-11T14:26:05.567033Z"}, {"uuid": "0ce43faa-fbe6-4bc1-bd5a-4ca24c390efe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mqevnii7zw2d", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-60090 \u0432 PraisonAI: \u0443\u0433\u0440\u043e\u0437\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/FA102B3A-9B07-43C0-BB30-1367FD7BE593", "creation_timestamp": "2026-07-11T14:45:02.856267Z"}, {"uuid": "2728f053-d0d0-4ad5-aab7-5368e46d9108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqewk2gtqw2b", "content": "\ud83d\udd34 CVE-2026-60090 - Critical (9.8)\n\nPraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVecto...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-60090/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-11T15:01:00.741383Z"}, {"uuid": "a28c658c-cd5a-4fd8-ae94-559fbde4520c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60090", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqezqflqeh26", "content": "CVE-2026-60090 - PraisonAI before 4.6.78 SQL/CQL Injection via vector dimension\nCVE ID : CVE-2026-60090\n \n Published : July 11, 2026, 2:16 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PG...", "creation_timestamp": "2026-07-11T15:58:31.571646Z"}, {"uuid": "19237cba-adb7-4c1c-b064-0afbdc6b7230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-60090", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116904769950802301", "content": "CVE-2026-60090: PraisonAI &lt;4.6.78 suffers CRITICAL SQL injection (CVSS 9.3). Unauthenticated attackers can drop tables or run arbitrary SQL/CQL via create_collection(). Restrict access &amp; upgrade ASAP. https://radar.offseq.com/threat/cve-2026-60090-improper-neutralization-of-special--a49ea84d7839ded1 #OffSeq #infosec #SQLInjection #vuln", "creation_timestamp": "2026-07-12T03:00:25.852885Z"}, {"uuid": "6a3b2385-38b4-48ed-9d9e-27f849c25ead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-60090", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqg6qjk4vg23", "content": "PraisonAI &lt;4.6.78 has a CRITICAL SQL injection flaw (CVE-2026-60090, CVSS 9.3). Unauthenticated attackers can destroy data. Restrict access &amp; update to 4.6.78+ when available. https://radar.offseq.com/threat/cve-2026-60090-improper-neutralization-of-special--a49ea84d7839ded1 #OffSeq #SQLInjection...", "creation_timestamp": "2026-07-12T03:00:27.599343Z"}]}