CVE-2026-61426 - CERT CVE
ID CVE-2026-61426
Sažetak PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.
Reference
CVSS
Base: 8.6
Impact: 4.7
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Zadnje važnije ažuriranje 13-07-2026 - 18:05
Objavljeno 11-07-2026 - 14:16