CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-61426

highCVSS 8.6covered by 1 sourcefirst seen 2026-07-11
PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication.

⚡ Watch CVE-2026-61426

Get an email if CVE-2026-61426 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-61426

CVE.org record

Embed the live status

CVE-2026-61426 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-61426 status](https://www.csirts.com/badge/CVE-2026-61426)](https://www.csirts.com/cve/CVE-2026-61426)