Scan free
MEDIUMCVE-2026-40151CVSS 5.3

CVE-2026-40151: Information Disclosure in praisonai

Platform

python

Component

praisonai

Fixed in

4.5.129

4.5.128

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026
View on NVD
Save

CVE-2026-40151 describes an Information Disclosure vulnerability within the praisonai AgentOS deployment platform. This flaw allows unauthenticated attackers to access sensitive information, including agent names, roles, and the initial portion of agent system instructions. The vulnerability impacts versions of praisonai up to 4.5.98, and a fix is available in version 4.5.128.

Python

Detect this CVE in your project

Upload your requirements.txt file and we'll tell you instantly if you're affected.

Upload requirements.txtSupported formats: requirements.txt · Pipfile.lock

Impact and Attack Scenarios

The primary impact of CVE-2026-40151 is the exposure of sensitive agent data. An attacker could leverage this information to gain insights into the deployed agents' roles and functionalities, potentially aiding in reconnaissance for further attacks. While the initial system instructions are truncated to 100 characters, this partial exposure can still reveal valuable clues about the agents' intended behavior and configuration. The lack of authentication and the permissive CORS settings (allowing all origins) significantly broaden the attack surface, making exploitation straightforward from any network location. This vulnerability resembles scenarios where internal system details are inadvertently exposed via misconfigured APIs, potentially leading to privilege escalation or data breaches.

Exploitation Context

CVE-2026-40151 was published on 2026-04-10. Its severity is currently assessed as Medium. There are no known public exploits or active campaigns targeting this vulnerability at the time of writing. The vulnerability is not listed on KEV or EPSS. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh
Reports1 threat report

EPSS

0.04% (12% percentile)

CISA SSVC

Exploitationpoc
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N5.3MEDIUMAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityLowRisk of sensitive data exposureIntegrityNoneRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
None — no integrity impact. Attacker cannot modify data.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentpraisonai
Vendorosv
Affected rangeFixed in
< 4.5.128 – < 4.5.1284.5.129
4.5.128

Weakness Classification (CWE)

CWE-200

Timeline

  1. Reserved
  2. Published
  3. EPSS updated
Patched -1 days after disclosure

Mitigation and Workarounds

The recommended mitigation for CVE-2026-40151 is to immediately upgrade praisonai to version 4.5.128 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict network access to the AgentOS deployment platform using firewalls or network segmentation to limit exposure. Implement API authentication middleware to require valid credentials for accessing the /api/agents endpoint. Configure CORS to restrict allowed origins to trusted domains only. While not a direct fix, these steps can reduce the attack surface and limit the potential impact of the vulnerability.

How to fix

Actualice PraisonAI a la versión 4.5.128 o superior para mitigar la divulgación de información no autenticada. Esta versión corrige la vulnerabilidad al implementar la autenticación adecuada y la validación de API keys, así como al restringir el acceso CORS.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2026-40151 — Information Disclosure in praisonai?

CVE-2026-40151 is an Information Disclosure vulnerability affecting praisonai versions up to 4.5.98. It allows unauthenticated attackers to retrieve agent names, roles, and parts of system instructions via the /api/agents endpoint.

Am I affected by CVE-2026-40151 in praisonai?

You are affected if you are running praisonai version 4.5.98 or earlier. Check your version using /opt/praisonai/bin/praisonai --version.

How do I fix CVE-2026-40151 in praisonai?

Upgrade praisonai to version 4.5.128 or later. As a temporary workaround, restrict network access and implement API authentication.

Is CVE-2026-40151 being actively exploited?

There are currently no known public exploits or active campaigns targeting CVE-2026-40151, but continuous monitoring is recommended.

Where can I find the official praisonai advisory for CVE-2026-40151?

Refer to the praisonai security advisories page for the latest information and official guidance regarding CVE-2026-40151.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs