CVE-2026-40116
Unauthenticated Resource Exhaustion via PraisonAI /media-stream WebSocket
Publication date: 2026-04-09
Last updated on: 2026-04-17
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| praison | praisonai | < 4.5.128 (4.5.128 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the /media-stream WebSocket endpoint in PraisonAI's call module accepting unauthenticated connections. To detect exploitation attempts or presence of this vulnerability, you can monitor network traffic for WebSocket connections to the /media-stream endpoint.
One approach is to use network monitoring tools like tcpdump or Wireshark to capture and filter WebSocket traffic targeting the vulnerable endpoint.
- Use tcpdump to capture traffic on port 80 or 443 (depending on your setup) and filter for HTTP upgrade requests to /media-stream (note that on port 443 the request path is inside TLS, so the grep only matches plaintext traffic or traffic captured behind a TLS-terminating proxy):
  `tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443' | grep '/media-stream'`
- Alternatively, use websocat (or curl with the WebSocket upgrade headers) to test whether the /media-stream endpoint accepts an unauthenticated WebSocket connection:
  `websocat ws://<praisonai-server>/media-stream`
If the connection is accepted without authentication or signature validation, the system is vulnerable if it is running a version prior to 4.5.128.
Can you explain this vulnerability to me?
The vulnerability exists in PraisonAI's call module prior to version 4.5.128, specifically in the /media-stream WebSocket endpoint. This endpoint accepts connections from any client without requiring authentication or Twilio signature validation.
Each connection established through this endpoint opens an authenticated session to OpenAI's Realtime API using the server's API key. Because there are no restrictions on the number of concurrent connections, message rate, or message size, an unauthenticated attacker can exploit this to exhaust server resources and deplete the victim's OpenAI API credits.
This vulnerability was fixed in version 4.5.128 of PraisonAI.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an unauthenticated attacker to consume your server resources and exhaust your OpenAI API credits without authorization.
Because there are no limits on connections or message rates, the attacker can cause denial of service by overwhelming the system, potentially disrupting legitimate use of the PraisonAI service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade PraisonAI to version 4.5.128 or later, where the issue with the /media-stream WebSocket endpoint is fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to connect to the /media-stream WebSocket endpoint without authentication or signature validation, potentially exhausting server resources and draining OpenAI API credits.
However, there is no information provided about the exposure or compromise of personal data, confidentiality, or integrity of user information.
Therefore, based on the available information, it is unclear how this vulnerability directly impacts compliance with standards like GDPR or HIPAA, which primarily focus on data protection and privacy.