2 matches found
PT-2026-42208
Name of the Vulnerable Software and Affected Versions Algernon versions prior to 1.17.7 Description The SSE event server's Access-Control-Allow-Origin response header is hardcoded to the wildcard , regardless of the caller's Origin. Because EventSource does not perform a preflight request and doe...
PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
Summary The AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authentication middleware, no API key validation, and default...