CVE-2026-42078 - Vulnerability Details - OpenCVE

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Icip-cas	Pptagent

No data.

No data.

References

Link	Providers
https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00
https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-hrcw-xc63-g29m

History

Mon, 04 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Icip-cas Icip-cas pptagent
Vendors & Products		Icip-cas Icip-cas pptagent

Mon, 04 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 04 May 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.
Title		PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
Weaknesses		CWE-22
References		https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00 https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-hrcw-xc63-g29m
Metrics		cvssV3_1 `{'score': 4.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-04T16:55:17.870Z

Updated: 2026-05-04T18:38:50.608Z

Reserved: 2026-04-23T19:17:30.565Z

Link: CVE-2026-42078

Vulnrichment

Updated: 2026-05-04T18:38:42.517Z

NVD

Status : Received

Published: 2026-05-04T17:16:24.740

Modified: 2026-05-04T17:16:24.740

Link: CVE-2026-42078

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-42078", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-23T19:17:30.565Z", "datePublished": "2026-05-04T16:55:17.870Z", "dateUpdated": "2026-05-04T18:38:50.608Z"}, "containers": {"cna": {"title": "PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-hrcw-xc63-g29m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-hrcw-xc63-g29m"}, {"name": "https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00", "tags": ["x_refsource_MISC"], "url": "https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00"}], "affected": [{"vendor": "icip-cas", "product": "PPTAgent", "versions": [{"version": "< 418491a9a1c02d9d93194b5973bb58df35cf9d00", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-04T16:56:52.563Z"}, "descriptions": [{"lang": "en", "value": "PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a."}], "source": {"advisory": "GHSA-hrcw-xc63-g29m", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-04T18:38:03.199383Z", "id": "CVE-2026-42078", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T18:38:50.608Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-42078", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-04T18:38:03.199383Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T18:38:42.517Z"}}], "cna": {"title": "PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image", "source": {"advisory": "GHSA-hrcw-xc63-g29m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "icip-cas", "product": "PPTAgent", "versions": [{"status": "affected", "version": "< 418491a9a1c02d9d93194b5973bb58df35cf9d00"}]}], "references": [{"url": "https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-hrcw-xc63-g29m", "name": "https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-hrcw-xc63-g29m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00", "name": "https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-04T16:56:52.563Z"}}}, "cveMetadata": {"cveId": "CVE-2026-42078", "state": "PUBLISHED", "dateUpdated": "2026-05-04T18:38:50.608Z", "dateReserved": "2026-04-23T19:17:30.565Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-05-04T16:55:17.870Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}