GHSA-PXHG-7XR2-W7XG PPTAgent: Arbitrary File Write via `save_generated_slides`

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...

PPTAgent: Arbitrary File Write via `save_generated_slides`

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...

Directory Traversal

Overview pptagent is an An Agentic Framework for Reflective PowerPoint Generation Affected versions of this package are vulnerable to Directory Traversal via the savegeneratedslides function. An attacker can overwrite or create arbitrary files on the system by supplying crafted input when invokin...

CVE-2026-42080

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...

CVE-2026-42080 PPTAgent: Arbitrary File Write via `save_generated_slides`

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...

CVE-2026-42080

PPTAgent contains an arbitrary file write vulnerability in the component handling slide generation. Prior to commit 418491a, an attacker could write arbitrary files via save_generated_slides. The issue has been patched in commit 418491a. Impact details in the public records indicate a low to medi...

CVE-2026-42080 PPTAgent: Arbitrary File Write via `save_generated_slides`

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...

CVE-2026-42080

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via savegeneratedslides. This issue has been patched via commit 418491a...

PT-2026-36858

Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An arbitrary file write issue exists in this agentic framework for reflective PowerPoint generation. The flaw occurs through the save generated slides function. Recommendations Update to...

PPTAgent 路径遍历漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent, such as 418491a, contained a path traversal vulnerability. This vulnerability stemmed from issues with the savegeneratedslides function, which could allo...