CVE-2026-39889: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in MervinPraison PraisonAI
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health. This vulnerability is fixed in 4.5.115.
AI Analysis
Technical Summary
PraisonAI versions before 4.5.115 contain an information exposure vulnerability (CWE-200) due to lack of authentication on the A2U event stream server endpoints. The create_a2u_routes() function registers multiple endpoints that allow access to agent activity data without any authentication checks. This results in unauthorized disclosure of sensitive information. The CVSS 3.1 base score is 7.5, reflecting network attack vector, no privileges required, no user interaction, and high confidentiality impact. The issue is resolved in PraisonAI version 4.5.115.
Potential Impact
Unauthorized actors can access sensitive agent activity information from the PraisonAI A2U event stream server without authentication. This leads to a high confidentiality impact, as sensitive data is exposed. There is no impact on integrity or availability reported. No known active exploitation has been documented.
Mitigation Recommendations
Upgrade PraisonAI to version 4.5.115 or later, where this vulnerability is fixed by adding authentication checks to the affected endpoints. Since no official patch link or vendor advisory is provided, confirm the fix by verifying the version in use. Patch status is not explicitly confirmed beyond the stated fix version, so check vendor resources for current remediation guidance.
CVE-2026-39889: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in MervinPraison PraisonAI
Description
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health. This vulnerability is fixed in 4.5.115.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PraisonAI versions before 4.5.115 contain an information exposure vulnerability (CWE-200) due to lack of authentication on the A2U event stream server endpoints. The create_a2u_routes() function registers multiple endpoints that allow access to agent activity data without any authentication checks. This results in unauthorized disclosure of sensitive information. The CVSS 3.1 base score is 7.5, reflecting network attack vector, no privileges required, no user interaction, and high confidentiality impact. The issue is resolved in PraisonAI version 4.5.115.
Potential Impact
Unauthorized actors can access sensitive agent activity information from the PraisonAI A2U event stream server without authentication. This leads to a high confidentiality impact, as sensitive data is exposed. There is no impact on integrity or availability reported. No known active exploitation has been documented.
Mitigation Recommendations
Upgrade PraisonAI to version 4.5.115 or later, where this vulnerability is fixed by adding authentication checks to the affected endpoints. Since no official patch link or vendor advisory is provided, confirm the fix by verifying the version in use. Patch status is not explicitly confirmed beyond the stated fix version, so check vendor resources for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-07T20:32:03.011Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d6c32c1cc7ad14dab1ab44
Added to database: 4/8/2026, 9:05:48 PM
Last enriched: 4/16/2026, 11:59:32 AM
Last updated: 5/23/2026, 8:16:32 PM
Views: 81
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.