CVE-2026-40151
Received Received - Intake
Information Disclosure via Unauthenticated API in PraisonAI AgentOS

Publication date: 2026-04-09

Last updated on: 2026-04-20

Assigner: GitHub, Inc.

Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and defaults to CORS allow_origins=["*"] with host="0.0.0.0", making every deployment network-accessible and queryable from any origin by default. This vulnerability is fixed in 4.5.128.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-20
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-14
NVD
CVE-2026-40151
EUVD
EUVD-2026-21172
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
praison praisonai to 4.5.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in PraisonAI's AgentOS deployment platform prior to version 4.5.128. The platform exposes a GET /api/agents endpoint that returns sensitive information such as agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated user. The application lacks authentication middleware and API key validation, and it is configured by default to allow cross-origin requests from any origin, making it accessible and queryable from any network.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information about the agents in the system, including their names, roles, and partial system instructions. Because the endpoint is accessible without authentication and from any origin, attackers or unauthorized users can easily gather this information, potentially aiding further attacks or reconnaissance.

Compliance Impact

This vulnerability allows unauthenticated access to agent names, roles, and partial system instructions via a publicly accessible API endpoint without authentication or API key validation. Such exposure of potentially sensitive information could lead to non-compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

However, the provided information does not specify whether the exposed data includes personal or protected health information directly covered by these regulations.

Mitigation Strategies

To mitigate this vulnerability, upgrade the PraisonAI AgentOS deployment platform to version 4.5.128 or later, where the issue is fixed.

Additionally, consider restricting network access to the AgentOS deployment platform by limiting exposure to trusted networks only.

Implement authentication middleware or API key validation to prevent unauthenticated access to the /api/agents endpoint.

Review and tighten CORS settings to avoid allowing all origins (i.e., avoid allow_origins=["*"]) and configure the host binding to restrict access instead of using 0.0.0.0.

Detection Guidance

This vulnerability can be detected by checking if the AgentOS deployment platform exposes the GET /api/agents endpoint without authentication.

You can attempt to send an unauthenticated HTTP GET request to the /api/agents endpoint on the target system to see if it returns agent information.

For example, using curl from a command line:

  • curl -v http://<target-ip>:<port>/api/agents

If the response contains agent names, roles, or partial system instructions without requiring authentication, the system is vulnerable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40151. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart