What is the CVSS score of EUVD-2026-27015?

EUVD-2026-27015 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of PPTAgent are affected by EUVD-2026-27015?

CVE-2026-42079 is a high-severity arbitrary code execution vulnerability in PPTAgent that allows local attackers to execute arbitrary Python code through unsafe evaluation of AI-generated content.. A patch is available.

PPTAgent EUVD-2026-27015

| CVE-2026-42079 HIGH

Eval Injection (CWE-95)

2026-05-04 GitHub_M

GHSA-89g2-xw5c-v95p

RCE Python Code Injection

8.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 04, 2026 - 18:32 EUVD

Source Code Evidence Fetched

May 04, 2026 - 17:49 vuln.today

Analysis Generated

May 04, 2026 - 17:49 vuln.today

Patch released

May 04, 2026 - 17:16 nvd

Patch available

EUVD ID Assigned

May 04, 2026 - 17:15 euvd

EUVD-2026-27015

Analysis Generated

May 04, 2026 - 17:15 vuln.today

CVE Published

May 04, 2026 - 16:57 nvd

HIGH 8.6

DescriptionNVD

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

AnalysisAI

Arbitrary code execution in PPTAgent allows local attackers to execute Python code by exploiting unsafe eval() of LLM-generated content with unrestricted builtins. The framework's agentic architecture passes AI-generated code directly to eval() with full builtin access, enabling execution of arbitrary system commands. …

RemediationAI

Within 24 hours: Identify all systems running PPTAgent and assess whether they process untrusted or user-supplied prompts in presentation generation. Within 7 days: Implement the mitigation controls listed below; contact PPTAgent maintainers for timeline on official patch release. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-27015 vulnerability details – vuln.today

Back

PPTAgent EUVD-2026-27015

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code