{"id":"CVE-2026-42080","summary":"PPTAgent: Arbitrary File Write via `save_generated_slides`","details":"PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.","aliases":["GHSA-pxhg-7xr2-w7xg","PYSEC-2026-2894"],"modified":"2026-07-15T01:48:50.083818744Z","published":"2026-05-04T16:58:36.414Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"418491a9a1c02d9d93194b5973bb58df35cf9d00"}],"source":"AFFECTED_FIELD"}],"cna_assigner":"GitHub_M","cwe_ids":["CWE-22"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42080.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42080.json"},{"type":"ADVISORY","url":"https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-pxhg-7xr2-w7xg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42080"},{"type":"FIX","url":"https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/icip-cas/pptagent","events":[{"introduced":"0"},{"fixed":"418491a9a1c02d9d93194b5973bb58df35cf9d00"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v1.1.35","v1.1.34","v1.1.33"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42080.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"}]}