PT-2026-57435 · Praisonai · Agentmail

Dinhvaren

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-61428

CVSS v3.1

7.3

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions PraisonAI AgentMail versions prior to 4.6.78
Description The software lacks signature verification when operating in webhook mode. This allows unauthenticated attackers to inject messages with spoofed sender addresses by sending crafted message.received events to the webhook endpoint. This action enables the injection of arbitrary content into the agent and can trigger replies to addresses controlled by the attacker, effectively bypassing sender allow and block lists.
Recommendations Update PraisonAI AgentMail to version 4.6.78 or later.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61428

Affected Products

Agentmail