Home

Description

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.

PUBLISHED Reserved 2026-07-09 | Published 2026-07-11 | Updated 2026-07-13 | Assigner VulnCheck




HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Problem types

Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unaffected

Any version before 1.7.3
affected

1.7.3 (semver)
unaffected

Credits

dinhvaren reporter

References

github.com/...isonAI/security/advisories/GHSA-6wjp-v33h-5cvq exploit

github.com/...isonAI/security/advisories/GHSA-6wjp-v33h-5cvq (GitHub Security Advisory (GHSA-6wjp-v33h-5cvq)) vendor-advisory

www.vulncheck.com/...ated-agent-access-via-insecure-defaults (VulnCheck Advisory: PraisonAI before 1.7.3 Unauthenticated Agent Access via Insecure Defaults) third-party-advisory

cve.org (CVE-2026-61426)

nvd.nist.gov (CVE-2026-61426)

Download JSON