Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-61427: Improper Input Validation in MervinPraison PraisonAI

0
Medium
VulnerabilityCVE-2026-61427cvecve-2026-61427
Published: 07/15/2026 (07/15/2026, 11:25:37 UTC)
Source: CVE Database V5
Vendor/Project: MervinPraison
Product: PraisonAI

Description

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream' without an API key, an unauthenticated client (no Authorization header, and no Origin header, which is also permitted) can initialize a session, enumerate the available tools (tools/list), and invoke tools (tools/call). Additionally, the dispatcher forwards tool-call arguments to handlers without validating them against the advertised inputSchema. The server binds to 127.0.0.1 by default, so remote exploitation requires the operator to bind to a network-accessible address (e.g., --host 0.0.0.0).

CVSS v4.0

Score 6.9medium

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Vuln. Confidentiality
Low
Vuln. Integrity
Low
Vuln. Availability
Low
Subsq. Confidentiality
None
Subsq. Integrity
None
Subsq. Availability
None
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/15/2026, 12:19:17 UTC

Technical Analysis

CVE-2026-61427 describes an improper input validation and authentication bypass vulnerability in MervinPraison's PraisonAI prior to version 4.6.78. The MCP HTTP-stream transport is exposed without authentication when no API key is set, allowing unauthenticated clients to interact with the server's tool interfaces. Additionally, the dispatcher forwards tool-call arguments without validating them against the input schema, potentially allowing malformed inputs. By default, the server binds to 127.0.0.1, limiting exposure to local access unless explicitly configured to bind to a network-accessible interface.

Potential Impact

An unauthenticated attacker on the local machine or on the network (if the server is bound to a public interface) can initialize sessions, enumerate available tools, and invoke them with unvalidated input arguments. This could lead to unauthorized use of tools and potential exploitation due to lack of input validation. However, remote exploitation requires the server to be bound to a network-accessible address, which is not the default configuration.

Mitigation Recommendations

No official fix or patch is currently confirmed for this vulnerability. Operators should ensure that an API key is configured to enforce Authorization/Bearer checks on the MCP HTTP-stream transport. Additionally, avoid binding the server to network-accessible addresses unless necessary. Monitor vendor advisories for updates or official patches addressing this issue.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
VulnCheck
Date Reserved
2026-07-09T14:05:21.470Z
Cvss Version
4.0
State
PUBLISHED
Remediation Level
null

Threat ID: 6a57771e68715ace43a93b81

Added to database: 07/15/2026, 12:03:42 UTC

Last enriched: 07/15/2026, 12:19:17 UTC

Last updated: 07/15/2026, 14:42:44 UTC

Views: 4

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses