Plateforme
python
Composant
praisonai
Corrigé dans
4.5.129
4.5.128
CVE-2026-40151 describes an Information Disclosure vulnerability within the praisonai AgentOS deployment platform. This flaw allows unauthenticated attackers to access sensitive information, including agent names, roles, and the initial portion of agent system instructions. The vulnerability impacts versions of praisonai up to 4.5.98, and a fix is available in version 4.5.128.
The primary impact of CVE-2026-40151 is the exposure of sensitive agent data. An attacker could leverage this information to gain insights into the deployed agents' roles and functionalities, potentially aiding in reconnaissance for further attacks. While the initial system instructions are truncated to 100 characters, this partial exposure can still reveal valuable clues about the agents' intended behavior and configuration. The lack of authentication and the permissive CORS settings (allowing all origins) significantly broaden the attack surface, making exploitation straightforward from any network location. This vulnerability resembles scenarios where internal system details are inadvertently exposed via misconfigured APIs, potentially leading to privilege escalation or data breaches.
CVE-2026-40151 was published on 2026-04-10. Its severity is currently assessed as Medium. There are no known public exploits or active campaigns targeting this vulnerability at the time of writing. The vulnerability is not listed on KEV or EPSS. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
Statut de l'Exploit
EPSS
0.04% (percentile 12%)
CISA SSVC
Vecteur CVSS
The recommended mitigation for CVE-2026-40151 is to immediately upgrade praisonai to version 4.5.128 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict network access to the AgentOS deployment platform using firewalls or network segmentation to limit exposure. Implement API authentication middleware to require valid credentials for accessing the /api/agents endpoint. Configure CORS to restrict allowed origins to trusted domains only. While not a direct fix, these steps can reduce the attack surface and limit the potential impact of the vulnerability.
Actualice PraisonAI a la versión 4.5.128 o superior para mitigar la divulgación de información no autenticada. Esta versión corrige la vulnerabilidad al implementar la autenticación adecuada y la validación de API keys, así como al restringir el acceso CORS.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2026-40151 is an Information Disclosure vulnerability affecting praisonai versions up to 4.5.98. It allows unauthenticated attackers to retrieve agent names, roles, and parts of system instructions via the /api/agents endpoint.
You are affected if you are running praisonai version 4.5.98 or earlier. Check your version using /opt/praisonai/bin/praisonai --version.
Upgrade praisonai to version 4.5.128 or later. As a temporary workaround, restrict network access and implement API authentication.
There are currently no known public exploits or active campaigns targeting CVE-2026-40151, but continuous monitoring is recommended.
Refer to the praisonai security advisories page for the latest information and official guidance regarding CVE-2026-40151.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier requirements.txt et nous te dirons instantanément si tu es affecté.