GHSA-g3pq-3vvx-36w6HighCVSS 8.6

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces...

Published
July 11, 2026
Last Modified
July 11, 2026

🔗 CVE IDs covered (1)

📋 Description

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.

🔗 References (4)