PT-2026-57435 · Praisonai · Agentmail
Dinhvaren
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-61428
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
PraisonAI AgentMail versions prior to 4.6.78
Description
The software lacks signature verification when operating in webhook mode. This allows unauthenticated attackers to inject messages with spoofed sender addresses by sending crafted
message.received events to the webhook endpoint. This action enables the injection of arbitrary content into the agent and can trigger replies to addresses controlled by the attacker, effectively bypassing sender allow and block lists.Recommendations
Update PraisonAI AgentMail to version 4.6.78 or later.
Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Agentmail