CVE Disclosure · PraisonAI

CVE-2026-55528

PraisonAI · praisonaiagents

AgentServer declares an auth_token but never reads it, adds no middleware, and guards no route

Severity: High
Class: CWE-306
Vector: Unenforced auth_token
Advisory: GHSA-7g3p-92qq-8wvh

Summary

CVE-2026-55528 is a missing-authentication flaw (CWE-306, with CWE-862) in PraisonAI (praisonaiagents ≤ 1.6.48). The AgentServer component exposes an auth_token configuration field — implying its routes are protected — but the token is never actually enforced.

Technical Detail

Configuring auth_token creates a reasonable expectation that requests must present it. In practice AgentServer never reads the token, adds no middleware, and guards no route.

The result is that every endpoint — /info, /publish, /events, /health — answers any caller, authenticated or not. The security control exists in the configuration surface but not in the request path.

Impact

Unauthenticated access to the full AgentServer surface: an attacker can inject events via /publish, eavesdrop on the live stream at /events, and read configuration and state from /info. Operators who set auth_token believe the server is locked down when it is fully open.

Resolution

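Upgrade to the fixed PraisonAI release named in the advisory, which enforces the token on every route. Hardening guidance: as interim mitigation, bind AgentServer to localhost or put it behind an authenticating reverse proxy.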

Disclosure

Reported by Kai Aizen (SnailSploit). Coordinated with the PraisonAI maintainers via GitHub Security Advisory GHSA-7g3p-92qq-8wvh. See the advisory for affected and fixed version details.

Author
Kai Aizen
Independent Adversarial · Research group. Published CVEs, Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.
Quick facts
ID: CVE-2026-55528
Product: PraisonAI (praisonaiagents)
Severity: High
Class: CWE-306
Vector: AgentServer exposes /info, /publish, /events, /health with no auth check · Affected/Fixed: see GHSA
References: GHSA-7g3p-92qq-8wvh · MITRE · NVD
Frequently asked

CVE-2026-55528 — questions & answers

What is CVE-2026-55528?

CVE-2026-55528 is a missing-authentication flaw (CWE-306 / CWE-862) in PraisonAI (praisonaiagents ≤ 1.6.48). AgentServer declares an auth_token but never reads it, adds no middleware, and guards no route, so /info, /publish, /events and /health are reachable unauthenticated. Tracked as GHSA-7g3p-92qq-8wvh.

Am I affected by CVE-2026-55528?

You are affected if you run praisonaiagents ≤ 1.6.48 with AgentServer reachable from an untrusted network — even if you set auth_token, because the token is not enforced. See GHSA-7g3p-92qq-8wvh for the fixed version.

How do I fix CVE-2026-55528?

Upgrade to the fixed release in GHSA-7g3p-92qq-8wvh, which enforces auth_token on every route. As interim mitigation, bind AgentServer to localhost or put it behind an authenticating reverse proxy.

What is the impact of CVE-2026-55528?

Unauthenticated event injection via /publish, eavesdropping on /events, and configuration disclosure via /info — the entire AgentServer surface is open despite an auth_token being configured.

Where can I find authoritative references?

The GitHub Security Advisory GHSA-7g3p-92qq-8wvh, the MITRE CVE record for CVE-2026-55528, and the NVD detail page once published.