PT-2026-57434 · Praisonai · Praisonai

Dinhvaren

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-61426

CVSS v3.1

8.6

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.7.3
Description The software has an insecure default configuration that binds to all network interfaces, lacks API key requirements, and uses wildcard CORS (Cross-Origin Resource Sharing), which allows resources to be requested from any domain. Unauthenticated attackers can access the 'GET /api/agents' endpoint to read agent instructions and system prompts, or use the 'POST /api/chat' endpoint to invoke agents.
Recommendations Update PraisonAI to version 1.7.3 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61426

Affected Products

Praisonai