CVE-2026-61428
Received Received - Intake

PraisonAI AgentMail Webhook Signature Bypass

Vulnerability report for CVE-2026-61428, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and trigger replies to attacker-controlled addresses, bypassing sender allow/block lists.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
praisonai agentmail to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can have several impacts:

  • Attackers can inject arbitrary messages into the agent, potentially manipulating its behavior.
  • Spoofed sender addresses allow attackers to bypass sender allow/block lists, making it harder to filter malicious messages.
  • The agent can be tricked into sending replies to attacker-controlled addresses, which could be used for phishing or spam.
  • It exposes the system to prompt injection attacks and potential abuse of large language model (LLM) resources, leading to increased operational costs.
  • If dangerous tools are available within the agent environment, this vulnerability could lead to escalation of privileges or further compromise.
Executive Summary

PraisonAI AgentMail versions before 4.6.78 have a security flaw where the webhook mode does not verify the signature of incoming requests. This means unauthenticated attackers can send specially crafted POST requests to the webhook endpoint, injecting messages with spoofed sender addresses.

Because the webhook server processes these attacker-controlled requests without verifying their authenticity, attackers can inject arbitrary content into the agent and cause it to reply to addresses they control. This bypasses any sender allow/block lists configured in the system.

The root cause is the absence of signature verification or authentication checks in the webhook handling function, allowing raw attacker-controlled JSON input to directly influence the agent's behavior.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for POST requests to the AgentMail webhook endpoint, which by default listens on port 8080 at the path /webhook.

Specifically, look for unauthenticated POST requests containing crafted message.received events with spoofed sender addresses.

Commands to detect such activity could include using network monitoring tools like tcpdump or Wireshark to filter HTTP POST requests to port 8080, for example:

  • tcpdump -i any tcp port 8080 and 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354' # Filters for HTTP POST requests on port 8080
  • grep or analyze web server logs for POST requests to /webhook containing suspicious or unexpected JSON payloads resembling message.received events.

Additionally, checking for the absence of signature verification or authentication in the webhook handler code (_handle_email_webhook function) can help confirm vulnerability presence.

Mitigation Strategies

Immediate mitigation steps include upgrading PraisonAI AgentMail to version 4.6.78 or later, where signature verification in webhook mode is implemented.

If upgrading is not immediately possible, restrict network access to the webhook endpoint (default port 8080, path /webhook) to trusted sources only.

Implement network-level controls such as firewall rules to block unauthenticated external POST requests to the webhook.

Review and apply any available patches or configuration changes that enforce signature verification or require authentication for webhook requests.

Monitor logs for suspicious POST requests and injected messages to detect exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61428. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart