PraisonAI AgentOS - Information Disclosure
CVE-2026-40151
Verified
Description
PraisonAI's AgentOS FastAPI application server exposes an unauthenticated `GET /api/agents` endpoint that lists every registered agent's name, role and the opening of its instructions (system prompt). No authentication is enforced on the route, allowing a remote attacker to enumerate agent configurations and harvest sensitive details embedded in system prompts, such as internal API references, business logic and credential hints. This endpoint belongs to the AgentOS FastAPI server and is distinct from the legacy Flask `/agents` server tracked as CVE-2026-44338.
Severity
Medium
CVSS Score
5.3
Exploit Probability
1%
Affected Product
praisonai
Published Date
June 1, 2026
Template Author
aryu-ru
CVE-2026-40151.yaml
id: CVE-2026-40151
info:
name: PraisonAI AgentOS - Information Disclosure
author: aryu-ru
severity: medium
description: |
PraisonAI's AgentOS FastAPI application server exposes an unauthenticated `GET /api/agents` endpoint that lists every registered agent's name, role and the opening of its instructions (system prompt). No authentication is enforced on the route, allowing a remote attacker to enumerate agent configurations and harvest sensitive details embedded in system prompts, such as internal API references, business logic and credential hints. This endpoint belongs to the AgentOS FastAPI server and is distinct from the legacy Flask `/agents` server tracked as CVE-2026-44338.
impact: |
An unauthenticated attacker can disclose agent names, roles and system-prompt content, which frequently contains proprietary business logic, internal endpoints and credential hints.
remediation: |
Upgrade PraisonAI to version 4.5.128 or later and restrict network access to the AgentOS API.
reference:
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pm96-6xpr-978x
- https://nvd.nist.gov/vuln/detail/CVE-2026-40151
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2026-40151
epss-score: 0.00758
epss-percentile: 0.50818
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
vendor: praison
product: praisonai
shodan-query: http.html:"PraisonAI App"
fofa-query: body="PraisonAI App"
tags: cve,cve2026,praisonai,praison,exposure
http:
- method: GET
path:
- "{{BaseURL}}/api/agents"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"agents"'
- '"role"'
- '"instructions"'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
extractors:
- type: regex
part: body
group: 1
regex:
- '"role"\s*:\s*"([^"]+)"'
# digest: 4a0a00473045022047a7dd8f7bf5fbb485954ff898de5fd6e50f27f55f8cda5e4ad04db738552f69022100fa5f2e6a69031ee584bd5f219520537786e40a2ff925f5c49ef19897f04c63a0:922c64590222798bb761d5b6d8e729505.3Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
cve-2026-40151
CWE ID:
cwe-200
Remediation Steps
Upgrade PraisonAI to version 4.5.128 or later and restrict network access to the AgentOS API.