PT-2026-31456 · Praisonai · Praisonai

Published: 2026-04-08 · Updated: 2026-04-08 · CVE-2026-39889

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.115

Description: PraisonAI's Agent-to-User (A2U) event stream server, prior to version 4.5.115, lacks authentication, exposing all agent activity. The `create_a2u_routes()` function registers several API endpoints without authentication checks, including `/a2u/info`, `/a2u/subscribe`, `/a2u/events/{stream_name}`, `/a2u/events/sub/{id}`, and `/a2u/health`. An unauthenticated attacker can subscribe to event streams and receive live updates of all agent events, including responses, tool calls, and internal reasoning. The vulnerable parameters include the stream name and subscription id used in these endpoints. This exposure can reveal sensitive agent activity to network attackers.

Recommendations: Update PraisonAI to version 4.5.115 or later.
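The following is an added illustration, not PraisonAI's code: a framework-free model of an A2U-style route table that places the unauthenticated registration pattern described above beside a hardened version in which every `/a2u` route is wrapped by a bearer-token check, plus an audit helper that lists any `/a2u` path left unguarded. The handler names, the route table, the request shape and the token value are all constructed for the example.

```python
# Added example (not PraisonAI's own code): vulnerable vs. hardened route
# registration for an A2U-style event server. Routes, handlers, request
# shape and token are constructed here for illustration only.
import hmac
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, str]
Handler = Callable[[dict], Response]
Routes = Dict[str, Handler]

# Constructed secret for the example; a deployment would load it from config.
A2U_TOKEN = "example-token-not-for-production"

def handle_info(request: dict) -> Response:
    return 200, "a2u info"

def handle_subscribe(request: dict) -> Response:
    return 200, "subscribed"

def create_a2u_routes_unauthenticated() -> Routes:
    # Mirrors the vulnerable pattern: handlers exposed with no auth check.
    return {"/a2u/info": handle_info, "/a2u/subscribe": handle_subscribe}

def require_bearer(handler: Handler) -> Handler:
    """Reject the request unless Authorization carries the expected token."""
    def guarded(request: dict) -> Response:
        auth = request.get("headers", {}).get("Authorization", "")
        scheme, _, token = auth.partition(" ")
        # Constant-time comparison so the check does not leak the token via timing.
        if scheme != "Bearer" or not hmac.compare_digest(token.encode(), A2U_TOKEN.encode()):
            return 401, "unauthorized"
        return handler(request)
    guarded.requires_auth = True  # marker used by the audit helper below
    return guarded

def create_a2u_routes_hardened() -> Routes:
    # Wrap every route at registration time so a new endpoint cannot slip in unguarded.
    return {path: require_bearer(h) for path, h in create_a2u_routes_unauthenticated().items()}

def dispatch(routes: Routes, path: str, headers: Optional[dict] = None) -> Response:
    handler = routes.get(path)
    if handler is None:
        return 404, "not found"
    return handler({"path": path, "headers": headers or {}})

def unguarded_a2u_paths(routes: Routes) -> List[str]:
    """Audit helper: /a2u paths whose handler is not wrapped by require_bearer."""
    return [p for p, h in routes.items()
            if p.startswith("/a2u/") and not getattr(h, "requires_auth", False)]
```

Running `unguarded_a2u_paths` over the real route table (or its equivalent in the deployed framework) is the check that would have flagged this class of issue before release.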

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-39889
GHSA-F292-66H9-FPMF

Affected Products

Praisonai