cvedb.io
CVE-2026-34952
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2026-04-03T23:17:06.490 · Last modified 2026-06-17T10:39:52.430

Summary

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.

Affected products

praison — praisonai

Does this affect you?

Add your gear to cvedb and we'll alert you only when praison ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.