CVE-2026-42078

MEDIUM NVD

CVSS Score 4.6

Severity MEDIUM

Published May 04, 2026

Vendor unknown

Description

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.

References

https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00
https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-hrcw-xc63-g29m