CVSS 8.6 HIGH Vulnerability

CVE-2026-42079: PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins…


CVSS Score: 8.6
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-42079
Vendor: pip
Affected Product: pptagent
Vulnerability Type: Vulnerability
CVSS Score: 8.6 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory →
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Summary > This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.execute_actions (pptagent/apis.py:126-205) processes LLM-generated slide editing actions using Python's eval():

```python
# pptagent/apis.py:184-186
partial_func = partial(self.registered_functions[func], edit_slide)
if func == "replace_image":
    partial_func = partial(partial_func, doc)
eval(line, {}, {func: partial_func})  # ← builtins accessible
```

The call eval(line, {}, {func: partial_func}) passes an empty dict as globals. Per Python's language reference: "If the globals dictionary is present and does not contain a value for the key `__builtins__`, a reference to the dictionary of the built-in module builtins is inserted under that k
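The two points above, demonstrated in an added example that is not PPTAgent's code: the first function shows that eval() with an empty globals dict silently gains a `__builtins__` entry, so the "sandbox" of `{}` is no sandbox at all; the second replaces eval() with an AST-based dispatcher that only accepts a plain call to a registered action with literal arguments. The `replace_text` action, the `SafeActionExecutor` class and the dict-shaped slide are assumptions made for the example.

```python
"""Added example: why eval(line, {}, {...}) exposes builtins, and an eval-free
dispatcher for LLM-generated action lines. Not part of PPTAgent."""
import ast
from functools import partial


def builtins_leak_through_empty_globals() -> bool:
    """Return True if eval() injected __builtins__ into an empty globals dict."""
    g: dict = {}
    eval("1", g, {})  # a harmless expression; the side effect we care about is on g
    # CPython inserts the builtins module under "__builtins__" before evaluating,
    # so every name in builtins is reachable from the evaluated line.
    return "__builtins__" in g


def replace_text(slide: dict, shape_id: int, text: str) -> dict:
    """Hypothetical slide action: set the text of one shape (slide is a dict here)."""
    slide[shape_id] = text
    return slide


class SafeActionExecutor:
    """Dispatch 'func(arg, ...)' lines to registered callables without eval()."""

    def __init__(self, registered_functions: dict):
        self.registered_functions = registered_functions

    def execute_line(self, line: str, edit_slide):
        # Parse the line as a single expression; anything else is rejected.
        tree = ast.parse(line.strip(), mode="eval")
        call = tree.body
        if not isinstance(call, ast.Call) or not isinstance(call.func, ast.Name):
            raise ValueError(f"not a plain function call: {line!r}")
        name = call.func.id
        if name not in self.registered_functions:
            raise ValueError(f"unknown action: {name}")
        # ast.literal_eval only accepts literals (strings, numbers, tuples, lists,
        # dicts, ...); names, attribute access and nested calls raise ValueError.
        args = [ast.literal_eval(a) for a in call.args]
        kwargs = {}
        for kw in call.keywords:
            if kw.arg is None:  # a **mapping splat is not a literal argument
                raise ValueError("keyword splat not allowed")
            kwargs[kw.arg] = ast.literal_eval(kw.value)
        fn = partial(self.registered_functions[name], edit_slide)
        return fn(*args, **kwargs)


def rejects(executor: SafeActionExecutor, line: str) -> bool:
    """True if the dispatcher refuses the given action line."""
    try:
        executor.execute_line(line, {})
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("builtins leaked:", builtins_leak_through_empty_globals())
    ex = SafeActionExecutor({"replace_text": replace_text})
    print(ex.execute_line('replace_text(1, "hello")', {}))
    print("nested call rejected:", rejects(ex, 'replace_text(1, len("x"))'))
    print("unregistered action rejected:", rejects(ex, 'print("x")'))
```

The dispatcher keeps the registered-function allowlist the original code already has, but it never hands the LLM's text to the interpreter: a line that is not a single call to an allowlisted name with literal arguments is refused before any function runs.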

🎯 Known Indicators of Compromise

{"type":"sha1","value":"418491a9a1c02d9d93194b5973bb58df35cf9d00","confidence_score":0.9,"first_seen":"2026-05-05","source_count":1}
{"type":"url","value":"https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00.","confidence_score":0.82,"first_seen":"2026-05-05","source_count":1}

📚 Advisory References
