CVE-2026-42079

CVE-2026-42079 is an arbitrary code execution vulnerability in PPTAgent, an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, the framework executes LLM-generated code using Python's eval() function with builtins in scope, enabling attackers to run arbitrary Python code. The issue is classified as CWE-95 (Improper Neutralization of Special Elements used in an eval() or Similar Function while Processing User-Controlled Input) and carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

An attacker with local access can exploit this vulnerability with low complexity and no required privileges, but it requires user interaction, such as tricking a user into processing malicious input that influences LLM code generation. Successful exploitation grants arbitrary code execution on the host system, resulting in high impacts to confidentiality, integrity, and availability, along with a scope change that affects the broader system.

The vulnerability has been patched in commit 418491a of the PPTAgent repository. Additional details are available in the GitHub security advisory GHSA-89g2-xw5c-v95p.

This flaw underscores risks in AI/ML agentic workflows where LLM outputs are directly evaluated, as seen in PPTAgent's PowerPoint generation pipeline. No public information on real-world exploitation is available.