CVE-2026-42080 MEDIUM

CVE-2026-42080: PPTAgent: Arbitrary File Write via `save_generated_slides`

Vendor Icip-Cas
Product PPTAgent
Weakness CWE-22 · Path traversal
Published May 4, 2026
Last update May 5, 2026

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.

Key dates

02Disclosure timeline

May 4, 2026 CVE published
May 5, 2026 Record updated