PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS

Summary The AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and default...

GHSA-PM96-6XPR-978X PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS

Summary The AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and default...

Missing Authentication for Critical Function

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the listagents function. An attacker can access sensitive agent names, roles, and partial...

CVE-2026-40151 PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no...

CVE-2026-40151

Prais onAI's AgentOS vulnerability involves the GET /api/agents endpoint exposed by the AgentOS FastAPI deployment. The issue allows unauthenticated callers to retrieve agent names, roles, and the first 100 characters of agent system instructions due to missing authentication middleware, no API k...

CVE-2026-40151

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no...

PT-2026-31790

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI is a multi-agent teams system. The AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system...

Jenkins Sidepanel - Unauthorized Agent/Queue Exposure

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget. id:...

ICE Agent Doxxing Platform was Crippled After Coordinated DDoS Attack

The activist website called "ICE List" was offline after a massive DDoS attack. The crash followed a leak of 4,500 federal agent names linked to the Renee Nicole Good shooting...

CVE-2020-36926

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique...

CVE-2020-36926

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique...

CVE-2020-36926

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique...

CVE-2020-36926

SmarterTrack 7922 is affected by an information disclosure vulnerability in the Chat Management search form. The issue allows unauthenticated access to the /Management/Chat/frmChatSearch.aspx endpoint, exposing agents’ first and last names and their unique identifiers. Reported details consistent...

PT-2026-3147

Name of the Vulnerable Software and Affected Versions SmarterTrack version 7922 Description The software contains an information disclosure issue in the Chat Management search form. This allows unauthorized access to agent identification details, specifically agents' first and last names and thei...

EUVD-2022-4968

Malicious code in bioql PyPI...

GHSA-67V4-38H7-9JJP Jenkins has a missing permission check, allowing users to obtain agent names

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

Missing Authorization

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Missing Authorization via the sidepanel of an intentionally accessible page. Users lacking Overall/Read permission can access agent names by viewing the executors...

Jenkins has a missing permission check, allowing users to obtain agent names

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission. This allows attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...