CVE-2026-61435
Received Received - Intake

Authentication Bypass in PraisonAI via Spoofed Host Header

Vulnerability report for CVE-2026-61435, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: VulnCheck

Description

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints (src/praisonai/praisonai/api/agent_invoke.py) when PRAISONAI_CALL_AUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host from request.url.hostname, which is taken from the client-controlled HTTP Host header. A remote, unauthenticated attacker who can reach the service over the network can send a spoofed 'Host: 127.0.0.1' header to bypass the localhost-only restriction and list (GET /api/v1/agents) and invoke (POST /api/v1/agents/{agent_id}/invoke) registered agents without authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-15
AI Q&A
2026-07-15
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
mervinpraison praisonai to 4.6.78 (exc)
praisonai praisonai to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61435 is an authentication bypass vulnerability in PraisonAI versions 4.6.62 and earlier. When the setting PRAISONAI_CALL_AUTH=disabled is enabled, the system incorrectly relies on the HTTP Host header to enforce localhost-only restrictions. Attackers can spoof this header to 127.0.0.1, bypassing authentication and accessing sensitive endpoints like /api/v1/agents and /api/v1/agents/{agent_id}/invoke without credentials.

The flaw stems from using client-controlled request.url.hostname to determine binding safety, allowing remote unauthenticated access when the API is network-reachable and the opt-out is enabled.

Impact Analysis

This vulnerability allows remote attackers to list all registered agents and invoke them without authentication. This could lead to unauthorized execution of tools, integrations, or sensitive operations exposed by the agents, potentially resulting in data breaches, system compromise, or further lateral movement within the network.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data or systems, violating confidentiality requirements under GDPR and HIPAA. It may result in data breaches, unauthorized processing, or disclosure of protected health information, leading to regulatory penalties, fines, or legal consequences for non-compliance.

Detection Guidance

To detect this vulnerability, monitor network traffic for requests to PraisonAI endpoints (/api/v1/agents or /api/v1/agents/{agent_id}/invoke) with a Host header set to 127.0.0.1 or localhost. Check if unauthenticated requests are reaching these endpoints when PRAISONAI_CALL_AUTH=disabled is configured.

Mitigation Strategies

Immediately upgrade PraisonAI to version 4.6.78 or later. If upgrading is not possible, disable the PRAISONAI_CALL_AUTH=disabled configuration and ensure the API is not exposed to untrusted networks. Review server logs for suspicious requests with spoofed Host headers.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61435. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart