CVE-2026-42079

HIGH NVD

CVSS Score 8.6

Severity HIGH

Published May 04, 2026

Vendor unknown

Description

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

References

https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00
https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-89g2-xw5c-v95p