Lucene search
+L

7 matches found

EUVD
EUVD
added 2026/04/10 7:22 p.m.6 views

EUVD-2026-21162

PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 7:22 p.m.3 views

GHSA-Q5R4-47M9-5MC7 PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

Summary The /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/10 7:22 p.m.13 views

PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

Summary The /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.8 views

CVE-2026-40116

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

7.5CVSS0.00372EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:20 p.m.1 views

CVE-2026-40116

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

7.5CVSS5.9AI score0.00372EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/09 9:20 p.m.3 views

CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

7.5CVSS6AI score0.00372EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.12 views

PT-2026-31785

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI is a multi-agent teams system. The /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation...

7.5CVSS6.1AI score0.00372EPSS
Exploits1References13
Rows per page
Query Builder