CVE-2026-40116
Received Received - Intake
Unauthenticated Resource Exhaustion via PraisonAI /media-stream WebSocket

Publication date: 2026-04-09

Last updated on: 2026-04-17

Assigner: GitHub, Inc.

Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust server resources and drain the victim's OpenAI API credits. This vulnerability is fixed in 4.5.128.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-17
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40116
EUVD
EUVD-2026-21162
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
praison praisonai to 4.5.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability involves the /media-stream WebSocket endpoint in PraisonAI's call module accepting unauthenticated connections. To detect exploitation attempts or presence of this vulnerability, you can monitor network traffic for WebSocket connections to the /media-stream endpoint.

One approach is to use network monitoring tools like tcpdump or Wireshark to capture and filter WebSocket traffic targeting the vulnerable endpoint.

  • Use tcpdump to capture traffic on port 80 or 443 (depending on your setup) and filter for HTTP requests to /media-stream:
  • tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443' | grep '/media-stream'
  • Alternatively, use curl or websocat to test if the /media-stream endpoint accepts unauthenticated WebSocket connections:
  • websocat ws://<praisonai-server>/media-stream

If the connection is accepted without authentication or signature validation, the system is vulnerable if it is running a version prior to 4.5.128.

Executive Summary

The vulnerability exists in PraisonAI's call module prior to version 4.5.128, specifically in the /media-stream WebSocket endpoint. This endpoint accepts connections from any client without requiring authentication or Twilio signature validation.

Each connection established through this endpoint opens an authenticated session to OpenAI's Realtime API using the server's API key. Because there are no restrictions on the number of concurrent connections, message rate, or message size, an unauthenticated attacker can exploit this to exhaust server resources and deplete the victim's OpenAI API credits.

This vulnerability was fixed in version 4.5.128 of PraisonAI.

Impact Analysis

This vulnerability can impact you by allowing an unauthenticated attacker to consume your server resources and exhaust your OpenAI API credits without authorization.

Because there are no limits on connections or message rates, the attacker can cause denial of service by overwhelming the system, potentially disrupting legitimate use of the PraisonAI service.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade PraisonAI to version 4.5.128 or later, where the issue with the /media-stream WebSocket endpoint is fixed.

Compliance Impact

The vulnerability allows unauthenticated attackers to connect to the /media-stream WebSocket endpoint without authentication or signature validation, potentially exhausting server resources and draining OpenAI API credits.

However, there is no information provided about the exposure or compromise of personal data, confidentiality, or integrity of user information.

Therefore, based on the available information, it is unclear how this vulnerability directly impacts compliance with standards like GDPR or HIPAA, which primarily focus on data protection and privacy.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40116. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart