CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and defaults to CORS allow_origins=["*"] with host="0.0.0.0", making every deployment network-accessible and queryable from any origin by default. This vulnerability is fixed in 4.5.128.
Analysis
PraisonAI AgentOS prior to version 4.5.128 exposes agent metadata including names, roles, and system instruction snippets via an unauthenticated GET /api/agents endpoint accessible from any network origin due to missing authentication middleware and permissive CORS defaults. This information disclosure vulnerability allows remote attackers to enumerate agent configurations without credentials, potentially revealing sensitive operational details that could inform social engineering or reconnaissance attacks against multi-agent deployments.
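The two missing controls named above, an authentication layer and a CORS origin allowlist, can be supplied in front of any FastAPI or Starlette route as ASGI middleware. The following is an added illustration written for this page, not PraisonAI's code or its fix; it uses a stand-in handler for GET /api/agents so it runs without FastAPI installed. The header name X-API-Key, the key value, the origins and all agent data are constructed assumptions.

```python
# Added example (not PraisonAI's code): ASGI middleware that enforces an API key
# and a CORS origin allowlist, the two controls the advisory says were absent.
# Header name, key value, origins and agent data are constructed for illustration.
import asyncio
import hmac
import json
from typing import Awaitable, Callable, Iterable, MutableMapping

Scope = MutableMapping[str, object]
ASGIApp = Callable[[Scope, Callable, Callable], Awaitable[None]]

# Constructed values; a real deployment loads the key from a secret store.
EXAMPLE_API_KEY = "example-agentos-key-change-me"
ALLOWED_ORIGINS = frozenset({"https://console.example.internal"})
INSECURE_CORS_DEFAULT = ["*"]  # the pre-4.5.128 default named in the advisory


class AccessControlMiddleware:
    """Reject requests without a valid API key and browsers from unknown origins."""

    def __init__(self, app: ASGIApp, api_key: str, allowed_origins: Iterable[str]):
        if "*" in allowed_origins:
            raise ValueError("wildcard CORS origin is not permitted for an authenticated API")
        self.app = app
        self.api_key = api_key.encode()
        self.allowed_origins = frozenset(allowed_origins)

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            await self.app(scope, receive, send)
            return
        headers = {k.decode().lower(): v.decode() for k, v in scope.get("headers", [])}
        origin = headers.get("origin")
        # Browser requests carry Origin; only allowlisted origins ever receive CORS headers.
        if origin is not None and origin not in self.allowed_origins:
            await reply(send, 403, {"error": "origin not allowed"})
            return
        if scope["method"] == "OPTIONS":  # CORS preflight carries no credentials
            await reply(send, 204, None, origin)
            return
        presented = headers.get("x-api-key", "").encode()
        if not hmac.compare_digest(presented, self.api_key):  # constant-time comparison
            await reply(send, 401, {"error": "missing or invalid API key"})
            return

        async def send_with_cors(message):
            # Echo only the verified origin, never "*", on the downstream response.
            if message["type"] == "http.response.start" and origin:
                extra = [(b"access-control-allow-origin", origin.encode()), (b"vary", b"Origin")]
                message = {**message, "headers": list(message.get("headers", [])) + extra}
            await send(message)

        await self.app(scope, receive, send_with_cors)


async def reply(send, status, payload, origin=None):
    body = b"" if payload is None else json.dumps(payload).encode()
    headers = [(b"content-type", b"application/json")]
    if origin:
        headers += [(b"access-control-allow-origin", origin.encode()),
                    (b"access-control-allow-headers", b"x-api-key"), (b"vary", b"Origin")]
    await send({"type": "http.response.start", "status": status, "headers": headers})
    await send({"type": "http.response.body", "body": body})


async def agents_app(scope, receive, send):
    """Stand-in for the GET /api/agents handler, serving a constructed agent list."""
    if scope["path"] == "/api/agents" and scope["method"] == "GET":
        await reply(send, 200, {"agents": [{"name": "researcher", "role": "analyst"}]})
    else:
        await reply(send, 404, {"error": "not found"})


def build_hardened_app() -> ASGIApp:
    # With FastAPI: app.add_middleware(AccessControlMiddleware, api_key=..., allowed_origins=...)
    # and serve with uvicorn.run(app, host="127.0.0.1", ...) instead of the 0.0.0.0 default.
    return AccessControlMiddleware(agents_app, EXAMPLE_API_KEY, ALLOWED_ORIGINS)


def simulate(app: ASGIApp, method: str, path: str, headers: dict) -> tuple:
    """Drive an ASGI app with a synthetic request; returns (status, decoded JSON body)."""
    scope = {"type": "http", "method": method, "path": path,
             "headers": [(k.lower().encode(), v.encode()) for k, v in headers.items()]}
    messages = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        messages.append(message)

    asyncio.run(app(scope, receive, send))
    status = messages[0]["status"]
    body = b"".join(m.get("body", b"") for m in messages[1:])
    return status, json.loads(body) if body else None


if __name__ == "__main__":
    app = build_hardened_app()
    print(simulate(app, "GET", "/api/agents", {}))  # unauthenticated call is now refused
    print(simulate(app, "GET", "/api/agents", {"X-API-Key": EXAMPLE_API_KEY}))
```

The constructor refuses a wildcard origin outright, so the insecure default cannot be reintroduced by configuration, and the middleware only echoes an origin it has already verified, which is the behaviour browsers need for a credentialed cross-origin call without exposing the endpoint to every site.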
EUVD-2026-21172
GHSA-pm96-6xpr-978x