CVE-2026-40151
Status: Received - Intake
Information Disclosure via Unauthenticated API in PraisonAI AgentOS

Publication date: 2026-04-09

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and defaults to CORS allow_origins=["*"] with host="0.0.0.0", making every deployment network-accessible and queryable from any origin by default. This vulnerability is fixed in 4.5.128.
Meta Information
Published: 2026-04-09
Last Modified: 2026-04-20
Generated: 2026-05-07
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: praison
Product: praisonai
Version / Range: up to 4.5.128 (excluding)
CWE
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in PraisonAI's AgentOS deployment platform prior to version 4.5.128. The platform exposes a GET /api/agents endpoint that returns sensitive information such as agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated user. The application lacks authentication middleware and API key validation, and it is configured by default to allow cross-origin requests from any origin, making it accessible and queryable from any network.


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive information about the agents in the system, including their names, roles, and partial system instructions. Because the endpoint is accessible without authentication and from any origin, attackers or unauthorized users can easily gather this information, potentially aiding further attacks or reconnaissance.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthenticated access to agent names, roles, and partial system instructions via a publicly accessible API endpoint without authentication or API key validation. Such exposure of potentially sensitive information could lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

However, the provided information does not specify whether the exposed data includes personal or protected health information directly covered by these regulations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the AgentOS deployment platform exposes the GET /api/agents endpoint without authentication.

You can attempt to send an unauthenticated HTTP GET request to the /api/agents endpoint on the target system to see if it returns agent information.

For example, using curl from a command line:

  • curl -v http://<target-ip>:<port>/api/agents

If the response contains agent names, roles, or partial system instructions without requiring authentication, the system is vulnerable.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade the PraisonAI AgentOS deployment platform to version 4.5.128 or later, where the issue is fixed.

Additionally, consider restricting network access to the AgentOS deployment platform by limiting exposure to trusted networks only.

Implement authentication middleware or API key validation to prevent unauthenticated access to the /api/agents endpoint.

Review and tighten CORS settings to avoid allowing all origins (i.e., avoid allow_origins=["*"]) and configure the host binding to restrict access instead of using 0.0.0.0.
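The mitigation steps above (API key validation, an explicit CORS allow-list, and a host binding other than 0.0.0.0) can be sketched in code. The block below is an added example written for this page; it is not PraisonAI's code and not the fix shipped in 4.5.128. The settings dictionaries, the `X-API-Key` header name, the sample agent records and the `build_app` wiring are all assumptions chosen for illustration. It also doubles as a configuration-side check for the detection section: `settings_findings` names each weak default without sending a request to the service.

```python
"""Hardening sketch for an AgentOS-style FastAPI service (added example; not PraisonAI's code).

The weak and hardened settings, the API key header name and the sample agent records
are constructed for illustration. The audit and authorization functions run with the
standard library alone; the FastAPI wiring at the bottom needs fastapi installed.
"""
import hmac
from typing import Iterable, List, Mapping, Optional, Tuple

# Settings shaped like the defaults the advisory describes (constructed, not copied).
WEAK_SETTINGS = {"allow_origins": ["*"], "host": "0.0.0.0", "require_api_key": False}
HARDENED_SETTINGS = {
    "allow_origins": ["https://console.example.internal"],  # explicit allow-list
    "host": "127.0.0.1",                                      # loopback only; front with a proxy
    "require_api_key": True,
}

# Constructed sample data; a real deployment holds the full instruction text here.
AGENTS = [
    {"name": "researcher", "role": "Research analyst", "instructions": "You are a careful analyst ..."},
    {"name": "writer", "role": "Report writer", "instructions": "Write concise reports ..."},
]


def settings_findings(settings: Mapping[str, object]) -> List[str]:
    """Configuration audit: name each setting that leaves the service open by default."""
    findings = []
    if "*" in settings.get("allow_origins", []):
        findings.append("CORS allow_origins contains '*'")
    if settings.get("host") == "0.0.0.0":
        findings.append("host binds to all interfaces (0.0.0.0)")
    if not settings.get("require_api_key", False):
        findings.append("API key validation is disabled")
    return findings


def api_key_is_valid(presented: Optional[str], expected: str) -> bool:
    """Constant-time comparison; an empty configured key never validates anything."""
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())


def origin_allowed(origin: str, allowed: Iterable[str]) -> bool:
    """Exact-match allow-list; a '*' entry is treated as misconfiguration and never matches."""
    return any(origin == entry for entry in allowed if entry != "*")


def authorize(headers: Mapping[str, str], expected_key: str, allowed_origins: Iterable[str]) -> Tuple[int, str]:
    """Server-side check run before the handler; returns (HTTP status, reason).

    CORS is enforced by browsers, not by the server, so the API key check is what
    actually stops a non-browser unauthenticated caller; the Origin check only
    refuses to serve browser contexts outside the allow-list.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    origin = lower.get("origin")
    if origin is not None and not origin_allowed(origin, allowed_origins):
        return 403, "origin not allowed"
    if not api_key_is_valid(lower.get("x-api-key"), expected_key):
        return 401, "missing or invalid API key"
    return 200, "ok"


def public_agent_view(agents: Iterable[Mapping[str, str]]) -> List[dict]:
    """Response shape that omits system instructions entirely instead of truncating them."""
    return [{"name": a["name"], "role": a["role"]} for a in agents]


try:  # FastAPI wiring is optional so the functions above run without the dependency
    from fastapi import Depends, FastAPI, HTTPException, Request
    from fastapi.middleware.cors import CORSMiddleware
except ImportError:  # pragma: no cover
    FastAPI = None


def build_app(expected_key: str, settings: Mapping[str, object]):
    """Assemble the hardened app: strict CORS plus a key-checking dependency on the endpoint."""
    if FastAPI is None:
        raise RuntimeError("fastapi is not installed")
    allowed = list(settings["allow_origins"])
    app = FastAPI()
    app.add_middleware(CORSMiddleware, allow_origins=allowed, allow_methods=["GET"], allow_headers=["X-API-Key"])

    def require_key(request: Request) -> None:
        status, reason = authorize(request.headers, expected_key, allowed)
        if status != 200:
            raise HTTPException(status_code=status, detail=reason)

    @app.get("/api/agents", dependencies=[Depends(require_key)])
    def list_agents() -> List[dict]:
        return public_agent_view(AGENTS)

    return app


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(label, settings_findings(cfg) or ["no findings"])
```

Run as a script it prints the three findings for the weak settings and none for the hardened ones. To serve the hardened app, pass the configured key and settings to `build_app` and start it with `uvicorn.run(app, host=HARDENED_SETTINGS["host"])`, so the bind address comes from the same audited settings. Two design points are deliberate: the key comparison uses `hmac.compare_digest` rather than `==`, and the response drops the `instructions` field rather than truncating it, since the first 100 characters were the sensitive part in the first place.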

