CVE-2026-42079 · HIGH 8.6 · EPSS p4.0%


Description

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.14% probability of exploitation · percentile 4.0% · 2026-06-18T12:00:27Z
Published: 2026-05-04
Last modified: 2026-05-05

Underlying weaknesses · 1

CWE-95

References

  1. https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00
  2. https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-89g2-xw5c-v95p


Type: Weakness
Target: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (cwe-95)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1497
  2. CVE-2026-6110
  3. CVE-2026-34938
  4. CVE-2026-40088
  5. CVE-2026-5970
  6. CVE-2026-34937

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.