
PraisonAI CVE-2026-40116

EUVD-2026-21162 · HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-04-09 · GitHub_M · GHSA-q5r4-47m9-5mc7
7.5 (CVSS 3.1 · GitHub Advisory)

Severity by source

GitHub Advisory PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

Lifecycle Timeline

  • Re-analysis Queued, Apr 17, 2026 - 18:37 (vuln.today): cvss_changed
  • Patch released, Apr 10, 2026 - 20:30 (nvd): Patch available
  • EUVD ID Assigned, Apr 09, 2026 - 21:45 (euvd): EUVD-2026-21162
  • Analysis Generated, Apr 09, 2026 - 21:45 (vuln.today)
  • CVE Published, Apr 09, 2026 - 21:20 (nvd): HIGH 7.5

Description (GitHub Advisory)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust server resources and drain the victim's OpenAI API credits. This vulnerability is fixed in 4.5.128.

Analysis (AI)

Unauthenticated resource exhaustion in PraisonAI versions prior to 4.5.128 allows remote attackers to drain OpenAI API credits and exhaust server resources. The /media-stream WebSocket endpoint in the call module accepts connections without authentication or Twilio signature validation, enabling unlimited concurrent sessions to OpenAI's Realtime API using the server's credentials. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Connect to /media-stream WebSocket endpoint
  • Exploit: Establish unauthenticated session to OpenAI API
  • Execution: Send unlimited messages without rate limits
  • Impact: Exhaust server resources and drain API credits

Vulnerability Assessment (AI)

Exploitation: A remote unauthenticated attacker can exploit PraisonAI versions prior to 4.5.128 by connecting to the /media-stream WebSocket endpoint without authentication. …
Risk Assessment: Unauthenticated attackers can exhaust server resources and drain OpenAI API credits via unlimited WebSocket connections to /media-stream. …
Exploit Scenario: An attacker opens multiple WebSocket connections to the /media-stream endpoint without credentials. Each connection opens an authenticated OpenAI Realtime API session using the server's API key, consuming credits until the account is depleted or quota limits trigger a denial of service.
Remediation: Vendor-released patch: upgrade to PraisonAI version 4.5.128 or later, which implements authentication and Twilio signature validation on the /media-stream WebSocket endpoint. …
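The advisory names three missing controls on /media-stream: no Twilio signature validation on the incoming connection, and no limits on concurrent sessions, message rate or message size. The following is an added example, not PraisonAI's code and not taken from the 4.5.128 patch, showing those controls as framework-independent helpers. It assumes the caller extracts the request URL and the X-Twilio-Signature header from the WebSocket upgrade request; the signature scheme is Twilio's documented one (HMAC-SHA1 over the URL plus key-sorted POST parameters, base64-encoded); the limit values are illustrative.

```python
"""
Added example (not PraisonAI's code): Twilio signature validation and
resource limits for a Twilio Media Streams WebSocket endpoint.

Assumptions (not from the advisory): the caller passes in the request URL and
the X-Twilio-Signature header value; the limits below are illustrative.
"""
import base64
import hashlib
import hmac
import time
from typing import Dict, Optional


def compute_twilio_signature(auth_token: str, url: str,
                             params: Optional[Dict[str, str]] = None) -> str:
    """Twilio's documented scheme: HMAC-SHA1 over the full URL followed by each
    POST parameter's key and value in key-sorted order, base64-encoded.
    A WebSocket upgrade request has no POST body, so params is normally empty."""
    params = params or {}
    payload = url + "".join(key + params[key] for key in sorted(params))
    digest = hmac.new(auth_token.encode("utf-8"), payload.encode("utf-8"),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def is_valid_twilio_signature(auth_token: str, url: str,
                              params: Optional[Dict[str, str]],
                              signature: Optional[str]) -> bool:
    """Reject a missing header and compare in constant time."""
    if not signature:
        return False
    expected = compute_twilio_signature(auth_token, url, params)
    return hmac.compare_digest(expected, signature)


class StreamGuard:
    """Caps concurrent sessions, per-message size and per-connection message rate.
    Every admitted session is what would open a costly upstream Realtime API
    session, so the concurrency cap bounds the spend one peer can trigger."""

    def __init__(self, max_concurrent: int = 10, max_message_bytes: int = 64 * 1024,
                 max_messages_per_second: float = 50.0, burst: int = 100) -> None:
        self.max_concurrent = max_concurrent
        self.max_message_bytes = max_message_bytes
        self.rate = max_messages_per_second
        self.burst = burst
        self.active = 0

    def try_acquire(self) -> bool:
        """Admit a new session only while the concurrency cap has headroom."""
        if self.active >= self.max_concurrent:
            return False
        self.active += 1
        return True

    def release(self) -> None:
        """Call when the WebSocket closes so the slot is returned."""
        self.active = max(0, self.active - 1)

    def new_bucket(self, now: float) -> dict:
        """Per-connection token-bucket state, created when a session is admitted."""
        return {"tokens": float(self.burst), "last": now}

    def allow_message(self, bucket: dict, size: int,
                      now: Optional[float] = None) -> bool:
        """False if the frame is oversized or the connection is over its rate."""
        if size > self.max_message_bytes:
            return False
        now = time.monotonic() if now is None else now
        elapsed = max(0.0, now - bucket["last"])
        bucket["tokens"] = min(float(self.burst), bucket["tokens"] + elapsed * self.rate)
        bucket["last"] = now
        if bucket["tokens"] < 1.0:
            return False
        bucket["tokens"] -= 1.0
        return True


def admit_connection(guard: StreamGuard, auth_token: str, url: str,
                     signature: Optional[str]) -> str:
    """Verify the Twilio signature before counting the session, so an unsigned
    request never consumes a slot or opens an upstream session."""
    if not is_valid_twilio_signature(auth_token, url, None, signature):
        return "rejected: bad signature"
    if not guard.try_acquire():
        return "rejected: too many sessions"
    return "accepted"
```

The order of checks in `admit_connection` is the point: the signature check runs first and costs nothing upstream, so unsigned connections are dropped before any slot is taken or any Realtime API session is opened, and the concurrency cap then bounds the worst case even for correctly signed traffic. The `now` parameter on `allow_message` exists so the rate limiter can be tested deterministically; in production it is left at its default.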

Recommended Action (AI)

Within 24 hours: Identify all PraisonAI deployments with call module enabled and inventory current version numbers; immediately restrict network access to /media-stream WebSocket endpoint via firewall or WAF rules to trusted sources only. …


CVE-2026-40116 vulnerability details – vuln.today
