Vulnerability  ·  2026-07-13

PraisonAI Insecure Default Configuration Exposes Agent API Without Authentication

VulnerabilityHigh impactGlobalCVE-2026-61426
PraisonAI's default configuration (versions before 1.7.3) exposes agent instructions/system prompts and allows invoking agents with no authentication whatsoever, due to an all-interfaces bind with wildcard CORS and no API key enforcement.
Any internet-facing default PraisonAI deployment leaks proprietary system prompts and permits unauthenticated invocation of potentially privileged agent actions — a classic insecure-default exposure pattern for agent frameworks with meaningful blast radius across default installs.
PraisonAI binds to all network interfaces by default with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.
PraisonAI before 1.7.3
Upgrade to PraisonAI 1.7.3 or later; explicitly configure authentication and restrict CORS/bind address before any deployment.
GitHub Security Advisory GHSA-6wjp-v33h-5cvqVulnCheck Advisory
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →