Skip to main content

Pptagent

2 CVEs product

Monthly

CVE-2026-42080 PyPI MEDIUM POC PATCH GHSA This Month

Arbitrary file write vulnerability in PPTAgent prior to commit 418491a allows authenticated users with UI interaction to write files outside the intended workspace via path traversal in the save_generated_slides function, potentially overwriting arbitrary files on the system. CVSS 4.6 (low integrity and availability impact); no public exploit code identified at time of analysis.

Path Traversal Pptagent
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-42078 PyPI MEDIUM PATCH GHSA This Month

PPTAgent prior to commit 418491a allows authenticated users to write arbitrary files and create directories outside intended workspace boundaries via path traversal in the markdown_table_to_image function. An attacker with login access can supply crafted file paths containing directory traversal sequences to escape the configured workspace and write malicious files to arbitrary locations on the system. The vulnerability requires user interaction (UI:R in CVSS vector) and affects confidentiality and availability, with no public exploit code identified at time of analysis.

Path Traversal Pptagent
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

Arbitrary file write vulnerability in PPTAgent prior to commit 418491a allows authenticated users with UI interaction to write files outside the intended workspace via path traversal in the save_generated_slides function, potentially overwriting arbitrary files on the system. CVSS 4.6 (low integrity and availability impact); no public exploit code identified at time of analysis.

Path Traversal Pptagent
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

PPTAgent prior to commit 418491a allows authenticated users to write arbitrary files and create directories outside intended workspace boundaries via path traversal in the markdown_table_to_image function. An attacker with login access can supply crafted file paths containing directory traversal sequences to escape the configured workspace and write malicious files to arbitrary locations on the system. The vulnerability requires user interaction (UI:R in CVSS vector) and affects confidentiality and availability, with no public exploit code identified at time of analysis.

Path Traversal Pptagent
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy