{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34952", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-31T17:27:08.661Z", "datePublished": "2026-04-03T22:53:22.083Z", "dateUpdated": "2026-04-06T15:41:53.342Z"}, "containers": {"cna": {"title": "PraisonAI: Missing Authentication in WebSocket Gateway", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g"}], "affected": [{"vendor": "MervinPraison", "product": "PraisonAI", "versions": [{"version": "< 4.5.97", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:53:22.083Z"}, "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97."}], "source": {"advisory": "GHSA-cfh6-vr3j-qc3g", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T15:35:18.622632Z", "id": "CVE-2026-34952", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:41:53.342Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34952", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T15:35:18.622632Z"}}}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T15:35:27.437Z"}}], "cna": {"title": "PraisonAI: Missing Authentication in WebSocket Gateway", "source": {"advisory": "GHSA-cfh6-vr3j-qc3g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "MervinPraison", "product": "PraisonAI", "versions": [{"status": "affected", "version": "< 4.5.97"}]}], "references": [{"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g", "name": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:53:22.083Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34952", "state": "PUBLISHED", "dateUpdated": "2026-04-06T15:41:53.342Z", "dateReserved": "2026-03-31T17:27:08.661Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T22:53:22.083Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97."}], "id": "CVE-2026-34952", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-03T23:17:06.490", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.97)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PraisonAI", "source": "cna", "vendor": "MervinPraison"}, "product": "praisonai", "vendor": "mervinpraison"}], "analysis": {"en": {"generated_at": "2026-04-04T02:26:13.073770+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to version 4.5.97 or later.", "Verify that WebSocket connections now require authentication by attempting an unauthenticated connection.", "Restrict network access to the PraisonAI Gateway to trusted hosts or internal network segments.", "Monitor logs for unusual WebSocket traffic and attempted enumeration of agents."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerable release is PraisonAI version 4.5.96 and earlier. The product is developed by MervinPraison. Users running any version before 4.5.97 are affected and should update to 4.5.97 or later.", "description_and_impact": "PraisonAI Gateway allows unauthenticated access to its WebSocket endpoint and serves agent topology without authentication. Any client can therefore enumerate agents and send arbitrary messages, which may be interpreted as commands or data by the agents and their tool sets. The lack of authentication permits an attacker to potentially trigger unintended behavior, including remote code execution or information disclosure, by manipulating message payloads. This weakness corresponds to missing authentication (CWE-306).", "risk_and_exploitability": "The vulnerability receives a CVSS score of 9.1, indicating critical severity. No EPSS score is available, and the issue is not listed in the CISA KEV catalog, yet the absence of authentication suggests high exploitability from an external network client. Attackers only need to connect to the /ws endpoint, enumerate agents via /info, and send crafted messages. The straightforward access model implies that exploitation can occur without privileged credentials or complex prerequisites."}}}}, "created": "2026-04-06T21:21:50.007858+00:00", "updated": "2026-04-06T22:21:27.260153+00:00", "vendors": ["mervinpraison", "mervinpraison$PRODUCT$praisonai"]}