Vulnerability  ·  2026-07-13

PraisonAI AgentMail Webhook Signature Verification Bypass Enables Message Spoofing

VulnerabilityMedium impactGlobalCVE-2026-61428
PraisonAI's AgentMail component (before 4.6.78) accepts unsigned webhook payloads, allowing an attacker to forge inbound email/message events with an arbitrary sender identity that the agent will process as legitimate.
This enables indirect prompt injection via spoofed 'trusted' senders, letting an attacker manipulate agent behavior (e.g., trigger financial or data-exfiltration actions) by impersonating a legitimate correspondent in an email-driven agent workflow.
PraisonAI AgentMail's webhook mode lacks signature verification, so unauthenticated attackers can POST crafted message.received events with spoofed sender addresses directly to the webhook endpoint, injecting arbitrary content into the agent's processing pipeline.
PraisonAI AgentMail before 4.6.78
Upgrade PraisonAI to 4.6.78 or later; enforce webhook signature/HMAC verification before processing any inbound message events.
NVD CVE-2026-61428 (lead)HackerFeeds
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →