PT-2026-29828 · Praisonai · Praisonai

Yerang30 · Published 2026-04-01 · Updated 2026-04-09 · CVE-2026-34952

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.87

Description: The PraisonAI Gateway server lacks authentication for WebSocket connections at the /ws endpoint and exposes agent topology at the /info endpoint without authentication. This allows any network client to connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. The /info endpoint leaks all agent IDs without authentication. The WebSocket endpoint accepts connections unconditionally, without a token check: GatewayConfig has an auth token field, but the handler does not enforce it. An attacker with network access can enumerate agents via the /info API endpoint and send arbitrary messages to agents, potentially leading to tool execution, file reads, and API calls.

Recommendations: Implement strong authentication for all WebSocket connections. Specifically, check for a token in the query parameters or the 'Authorization' header of the WebSocket connection and compare it to the auth token configured in GatewayConfig. If the tokens do not match, close the connection with a 4001 error code and an 'Unauthorized' reason.
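The check the recommendation describes, as an added example that is not code from the PraisonAI project or from this advisory: a framework-independent token check plus a FastAPI/Starlette wiring for the /ws route. The field name GatewayConfig.auth_token, the `token` query parameter name, and the ASGI framework are assumptions; the decision to reject connections when no token is configured at all is a defensive choice, not something the advisory states.

```python
import hmm
```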

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-34952
GHSA-CFH6-VR3J-QC3G

Affected Products

Praisonai