/Vulnerability Library

PraisonAI AgentOS - Information Disclosure

CVE-2026-40151
Verified

Description

PraisonAI's AgentOS FastAPI application server exposes an unauthenticated `GET /api/agents` endpoint that lists every registered agent's name, role and the opening of its instructions (system prompt). No authentication is enforced on the route, allowing a remote attacker to enumerate agent configurations and harvest sensitive details embedded in system prompts, such as internal API references, business logic and credential hints. This endpoint belongs to the AgentOS FastAPI server and is distinct from the legacy Flask `/agents` server tracked as CVE-2026-44338.

Severity

Medium

CVSS Score

5.3

Exploit Probability

1%

Affected Product

praisonai

Published Date

June 1, 2026

Template Author

aryu-ru

CVE-2026-40151.yaml
id: CVE-2026-40151

info:
  name: PraisonAI AgentOS - Information Disclosure
  author: aryu-ru
  severity: medium
  description: |
    PraisonAI's AgentOS FastAPI application server exposes an unauthenticated `GET /api/agents` endpoint that lists every registered agent's name, role and the opening of its instructions (system prompt). No authentication is enforced on the route, allowing a remote attacker to enumerate agent configurations and harvest sensitive details embedded in system prompts, such as internal API references, business logic and credential hints. This endpoint belongs to the AgentOS FastAPI server and is distinct from the legacy Flask `/agents` server tracked as CVE-2026-44338.
  impact: |
    An unauthenticated attacker can disclose agent names, roles and system-prompt content, which frequently contains proprietary business logic, internal endpoints and credential hints.
  remediation: |
    Upgrade PraisonAI to version 4.5.128 or later and restrict network access to the AgentOS API.
  reference:
    - https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pm96-6xpr-978x
    - https://nvd.nist.gov/vuln/detail/CVE-2026-40151
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2026-40151
    epss-score: 0.00758
    epss-percentile: 0.50818
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
    vendor: praison
    product: praisonai
    shodan-query: http.html:"PraisonAI App"
    fofa-query: body="PraisonAI App"
  tags: cve,cve2026,praisonai,praison,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/agents"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"agents"'
          - '"role"'
          - '"instructions"'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '"role"\s*:\s*"([^"]+)"'
# digest: 4a0a00473045022047a7dd8f7bf5fbb485954ff898de5fd6e50f27f55f8cda5e4ad04db738552f69022100fa5f2e6a69031ee584bd5f219520537786e40a2ff925f5c49ef19897f04c63a0:922c64590222798bb761d5b6d8e72950
5.3Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
cve-2026-40151
CWE ID:
cwe-200

References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-pm96-6xpr-978xhttps://nvd.nist.gov/vuln/detail/CVE-2026-40151

Remediation Steps

Upgrade PraisonAI to version 4.5.128 or later and restrict network access to the AgentOS API.