Vulnerability Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust server resources and drain the victim's OpenAI API credits. This vulnerability is fixed in 4.5.128.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Praison | Praisonai | < 4.5.128 |
Related Weaknesses (CWE)
References
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mExploitVendor Advisory
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mExploitVendor Advisory
FAQ
What is CVE-2026-40116?
CVE-2026-40116 is a vulnerability with a CVSS score of 7.5 (HIGH). PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signatur...
How severe is CVE-2026-40116?
CVE-2026-40116 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40116?
Check the references section above for vendor advisories and patch information. Affected products include: Praison Praisonai.