Description
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.
Published: 2026-05-04
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PPTAgent, an agentic framework for reflective PowerPoint generation, passes code produced by an LLM to Python's eval() while the builtins remain in scope, so whatever the model emits runs as ordinary Python with __import__, open and the rest of the standard library one call away. The weakness is CWE‑95, Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Because a model's output can be steered by whoever controls its inputs, an attacker who can influence the prompt or the material the agent turns into slides can run arbitrary code with the privileges of the PPTAgent process, compromising the confidentiality, integrity and availability of the host it runs on.

Affected Systems

The affected product is PPTAgent from the icip‑cas vendor. The record gives no version range, only the fixing commit, so treat every release and checkout that predates commit 418491a as vulnerable.

Risk and Exploitability

The CVSS 3.1 vector is AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, scored 8.6 (High): a local attack vector with no privileges required, user interaction required, and a changed scope, since code executed by eval() runs with the full authority of the PPTAgent process rather than inside any boundary the framework enforces. No EPSS score is available and the CVE is not listed in CISA KEV; the SSVC assessment in the change history records Exploitation: poc, Automatable: no and Technical Impact: total. Absence from KEV means no in‑the‑wild exploitation has been recorded, not that exploitation is difficult: eval() of attacker‑steerable text needs no exploit development beyond getting the model to emit the desired Python. The practical risk therefore depends on deployment: where PPTAgent is exposed to untrusted prompts or documents, for instance behind a web front end, the "local" vector understates the exposure and the issue should be handled as remotely reachable.

Generated by OpenCVE AI on May 4, 2026 at 19:06 UTC.

Remediation

Fixed upstream in commit 418491a (see Description). No separate workaround is published by the vendor.

OpenCVE Recommended Actions

  • Update PPTAgent to a build that includes commit 418491a, which removes the eval() of LLM‑generated code.
  • If patching is not immediately possible, remove eval() from the code paths that handle model output rather than trying to constrain it. Passing an emptied __builtins__ dict to eval() is not a security boundary: attribute access on any literal still reaches every loaded class via __subclasses__(), and from there every module's globals, including os. Parse the model's output with ast.literal_eval if it is data, or with an explicit allow‑list evaluator if it must describe actions.
  • Run the agent with least privilege and in an isolated environment (a container or separate process with no credentials it does not need, no unnecessary network access and, where possible, a read‑only filesystem), and treat everything the model reads as untrusted input that can shape its output.
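The following Python example, added for this page and not taken from PPTAgent's code base, makes the Impact section and the second recommended action concrete. It places the vulnerable pattern (eval with builtins in scope) beside the tempting non‑fix (eval with an emptied __builtins__), shows that the second is escaped with plain attribute access, and then gives an allow‑list evaluator that admits only literals and calls to registered functions. The sample "LLM outputs", the add_slide registry and all function names are constructed for illustration; _wrap_close is a real module‑level class in CPython's os module that the escape relies on.

```python
"""Added example (not PPTAgent's code): eval() of LLM output with and without
builtins, the object-graph escape that defeats the 'empty builtins' idea, and
an allow-list evaluator that does not execute arbitrary Python at all."""
import ast
import os

# Constructed samples of model output. A model whose inputs an attacker can
# influence may return arbitrary Python instead of the expected slide call.
BENIGN_OUTPUT = "add_slide(title='Q3 results', bullets=['revenue up 4%', 'churn flat'])"
PAYLOAD_WITH_BUILTINS = "__import__('os').getpid()"
# Needs no builtins: start from a tuple literal, climb to object, list its
# subclasses, pick a class defined in os.py and read the os module's globals
# through __init__.__globals__. Any os function is then callable.
PAYLOAD_NO_BUILTINS = (
    "[c for c in ().__class__.__base__.__subclasses__() if c.__name__ == '_wrap_close']"
    "[0].__init__.__globals__['getpid']()"
)


def real_pid() -> int:
    """Reference value so the tests can show the payloads really ran."""
    return os.getpid()


def eval_with_builtins(src: str):
    """The vulnerable pattern: builtins in scope, __import__ one call away."""
    return eval(src)


def eval_with_emptied_builtins(src: str):
    """The non-fix. Attribute access still reaches every loaded class."""
    return eval(src, {"__builtins__": {}}, {})


def safe_eval(src: str, registry: dict):
    """Hardened form: parse to an AST and interpret only literals, containers
    and calls to functions in `registry`. No Name lookups, no Attribute or
    Subscript nodes, no comprehensions, no builtins."""
    tree = ast.parse(src, mode="eval")
    return _eval_node(tree.body, registry)


def _eval_node(node: ast.AST, registry: dict):
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.List):
        return [_eval_node(e, registry) for e in node.elts]
    if isinstance(node, ast.Tuple):
        return tuple(_eval_node(e, registry) for e in node.elts)
    if isinstance(node, ast.Dict):
        if any(k is None for k in node.keys):  # {**x} unpacking
            raise ValueError("dict unpacking is not allowed")
        return {_eval_node(k, registry): _eval_node(v, registry)
                for k, v in zip(node.keys, node.values)}
    if isinstance(node, ast.Call):
        # The callee must be a bare name present in the registry; this is what
        # blocks __import__(...), lambda calls and attribute chains like x.__globals__.
        if not isinstance(node.func, ast.Name) or node.func.id not in registry:
            raise ValueError(f"call to unregistered function: {ast.dump(node.func)}")
        args = [_eval_node(a, registry) for a in node.args]  # Starred is rejected below
        kwargs = {kw.arg: _eval_node(kw.value, registry) for kw in node.keywords}
        if None in kwargs:  # **kwargs
            raise ValueError("keyword unpacking is not allowed")
        return registry[node.func.id](*args, **kwargs)
    # Name, Attribute, Subscript, ListComp, BinOp, Lambda, Starred, ... all land here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def is_rejected(src: str, registry: dict) -> bool:
    """True if the allow-list evaluator refuses `src` (parse or policy error)."""
    try:
        safe_eval(src, registry)
    except (ValueError, SyntaxError):
        return True
    return False


# Constructed stand-in for a slide-building API the model is allowed to call.
def add_slide(title: str, bullets: list) -> dict:
    return {"title": title, "bullets": list(bullets)}


REGISTRY = {"add_slide": add_slide}

if __name__ == "__main__":
    print("builtins in scope  ->", eval_with_builtins(PAYLOAD_WITH_BUILTINS) == real_pid())
    print("builtins emptied   ->", eval_with_emptied_builtins(PAYLOAD_NO_BUILTINS) == real_pid())
    print("allow-list, benign ->", safe_eval(BENIGN_OUTPUT, REGISTRY))
    print("allow-list, escape ->", "rejected" if is_rejected(PAYLOAD_NO_BUILTINS, REGISTRY) else "RAN")
```

The point of the two payload constants is the second one: it contains no builtin name at all, so no amount of trimming the builtins dict stops it. The allow‑list evaluator refuses it at the first Subscript node without ever executing anything, and refuses __import__('os') because the callee is an attribute chain rather than a registered name. If the model only needs to return data, ast.literal_eval gives the same guarantee with less code; the custom walker is for the case where the output must describe a small set of actions.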

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 04 May 2026 20:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Icip-cas; Icip-cas pptagent
Vendors & Products                    Icip-cas; Icip-cas pptagent

Mon, 04 May 2026 17:15:00 +0000

Type          Values Removed   Values Added
Description                    PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.
Title                          PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
Weaknesses                     CWE-95
References
Metrics                        cvssV3_1: {'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-04T19:42:53.677Z

Reserved: 2026-04-23T19:17:30.565Z

Link: CVE-2026-42079

Vulnrichment

Updated: 2026-05-04T19:41:47.219Z

NVD

Status : Received

Published: 2026-05-04T17:16:24.887

Modified: 2026-05-04T20:16:19.730

Link: CVE-2026-42079

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:43:57Z

Weaknesses