EUVD-2026-21162

CVE ID: CVE-2026-40116
Severity: HIGH (CVSS 3.1 base score 7.5)
Published: 2026-04-09
Source: GitHub_M (advisory GHSA-q5r4-47m9-5mc7)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline (4 events, newest first)

Patch Released: Apr 10, 2026 - 20:30 (source: nvd). Patch available.
EUVD ID Assigned: Apr 09, 2026 - 21:45 (source: euvd). EUVD-2026-21162.
Analysis Generated: Apr 09, 2026 - 21:45 (source: vuln.today).
CVE Published: Apr 09, 2026 - 21:20 (source: nvd). Severity HIGH, CVSS 7.5.

Description

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust server resources and drain the victim's OpenAI API credits. This vulnerability is fixed in 4.5.128.

Analysis

Unauthenticated resource exhaustion in PraisonAI versions prior to 4.5.128 allows remote attackers to drain OpenAI API credits and exhaust server resources. The /media-stream WebSocket endpoint in the call module accepts connections without authentication or Twilio signature validation, enabling unlimited concurrent sessions to OpenAI's Realtime API using the server's credentials. …
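The description and analysis above name three missing controls: no Twilio signature check on the WebSocket upgrade, no cap on concurrent sessions, and no limit on message rate or size. The following is an added example of what those controls look like in Python; it is not PraisonAI's code or its 4.5.128 fix. It assumes Twilio sends its X-Twilio-Signature header on the upgrade request and uses Twilio's documented scheme (base64 of HMAC-SHA1 over the public URL plus any sorted form parameters). The class and function names (MediaStreamGuard, twilio_signature, verify_twilio_signature) and the token and URL values are hypothetical.

```python
"""Added example (not PraisonAI's code): the three controls the advisory says
/media-stream lacked before 4.5.128 - Twilio signature validation on the
WebSocket upgrade request, a concurrent-connection cap, and per-connection
message size and rate limits. Class and function names are hypothetical."""
import base64
import hashlib
import hmac
import time
from typing import Callable, Dict, List, Optional


def twilio_signature(auth_token: str, url: str, params: Optional[Dict[str, str]] = None) -> str:
    """Twilio's documented scheme: base64(HMAC-SHA1(auth_token, url + sorted key/value pairs)).
    A WebSocket upgrade carries no form body, so the signed payload is just the URL."""
    payload = url + "".join(k + v for k, v in sorted((params or {}).items()))
    digest = hmac.new(auth_token.encode(), payload.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify_twilio_signature(auth_token: str, url: str, header_value: Optional[str],
                            params: Optional[Dict[str, str]] = None) -> bool:
    """Reject a missing header and compare in constant time. `url` must be the public
    URL Twilio dialled (scheme, host, path, query), not the internal one seen behind a proxy."""
    if not header_value:
        return False
    return hmac.compare_digest(twilio_signature(auth_token, url, params), header_value)


class MediaStreamGuard:
    """Caps on concurrent sessions and on message size/rate, so one client cannot
    open unbounded upstream Realtime API sessions or flood an existing one."""

    def __init__(self, max_connections: int = 10, max_message_bytes: int = 64 * 1024,
                 max_msgs_per_sec: float = 50.0, clock: Callable[[], float] = time.monotonic):
        self.max_connections = max_connections
        self.max_message_bytes = max_message_bytes
        self.max_msgs_per_sec = max_msgs_per_sec
        self._clock = clock
        self._buckets: Dict[str, List[float]] = {}  # conn_id -> [tokens, last_refill]

    @property
    def active(self) -> int:
        return len(self._buckets)

    def accept(self, conn_id: str, signature_ok: bool) -> bool:
        """Admit a connection only if its signature verified and a slot is free."""
        if not signature_ok or conn_id in self._buckets or self.active >= self.max_connections:
            return False
        self._buckets[conn_id] = [float(self.max_msgs_per_sec), self._clock()]
        return True

    def release(self, conn_id: str) -> None:
        """Free the slot when the socket closes (call this from a finally block)."""
        self._buckets.pop(conn_id, None)

    def allow_message(self, conn_id: str, payload: bytes) -> bool:
        """Token-bucket rate limit plus a hard size cap; unknown connections are refused."""
        bucket = self._buckets.get(conn_id)
        if bucket is None or len(payload) > self.max_message_bytes:
            return False
        tokens, last = bucket
        now = self._clock()
        tokens = min(self.max_msgs_per_sec, tokens + (now - last) * self.max_msgs_per_sec)
        bucket[1] = now
        if tokens < 1.0:
            bucket[0] = tokens
            return False
        bucket[0] = tokens - 1.0
        return True


if __name__ == "__main__":
    # Constructed values: a placeholder auth token and a hypothetical public WebSocket URL.
    token = "placeholder-twilio-auth-token"
    url = "wss://voice.example.invalid/media-stream"
    good = twilio_signature(token, url)
    print("valid header accepted:", verify_twilio_signature(token, url, good))
    print("missing header accepted:", verify_twilio_signature(token, url, None))
    guard = MediaStreamGuard(max_connections=1)
    print("first conn:", guard.accept("call-1", True), "second conn:", guard.accept("call-2", True))
```

The signature check must run before the upstream Realtime API session is opened, since the cost the advisory describes is incurred at that point; the connection cap then bounds how many upstream sessions exist even for valid callers, and the per-connection bucket bounds what each one can push. Behind a load balancer or tunnel, reconstruct the public URL from the forwarded headers, or the signature will never match.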


Remediation

Within 24 hours: Identify all PraisonAI deployments with the call module enabled and inventory their current version numbers; immediately restrict network access to the /media-stream WebSocket endpoint via firewall or WAF rules to trusted sources only. Within 7 days: Upgrade all PraisonAI instances to version 4.5.128 or later, and rotate all OpenAI API credentials used by affected servers. …


Priority Score

38 (scale: Low / Medium / High / Critical)
Components: KEV 0, EPSS +0.0, CVSS +38, POC 0


EUVD-2026-21162 vulnerability details – vuln.today
