{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39889", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-07T20:32:03.011Z", "datePublished": "2026-04-08T20:44:24.276Z", "dateUpdated": "2026-04-08T20:44:24.276Z"}, "containers": {"cna": {"title": "PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "lang": "en", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f292-66h9-fpmf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f292-66h9-fpmf"}], "affected": [{"vendor": "MervinPraison", "product": "PraisonAI", "versions": [{"version": "< 4.5.115", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-08T20:44:24.276Z"}, "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health. This vulnerability is fixed in 4.5.115."}], "source": {"advisory": "GHSA-f292-66h9-fpmf", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health. This vulnerability is fixed in 4.5.115."}], "id": "CVE-2026-39889", "lastModified": "2026-04-08T21:25:14.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-08T21:17:01.130", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-f292-66h9-fpmf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.5.115)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PraisonAI", "source": "cna", "vendor": "MervinPraison"}, "product": "praisonai", "vendor": "mervinpraison"}], "analysis": {"en": {"generated_at": "2026-04-08T22:28:17.881377+00:00", "value": {"mitigation_remediation": ["Apply the latest PraisonAI release (4.5.115 or newer) to remove the unauthenticated endpoints", "Verify that the server no longer serves /a2u/* routes without authentication", "If an upgrade cannot be performed immediately, restrict network access to the A2U server using firewall rules or VPN so that only authorized users can connect", "After patching, monitor logs for any attempts to access the SSE streams and confirm access control is enforced"], "summary": {"action": "Immediate Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to PraisonAI builds prior to version 4.5.115. Endpoints such as /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health are unprotected and may be accessed by anyone able to reach the A2U server. No other vendors or products are currently reported impacted.", "description_and_impact": "PraisonAI\u2019s Agent-to-User event stream server lacks authentication checks, allowing any user to subscribe to server-sent events and view complete agent activity logs. This results in a confident\u2011space compromise, exposing private operational details, potential credentials, and internal communications. The weakness is classified as CWE\u2011200, a classic information\u2011disclosure vulnerability that can be exploited to learn sensitive system data without needing privileged access.", "risk_and_exploitability": "The CVSS base score of 7.5 indicates moderate\u2011to\u2011high severity. Although EPSS data is unavailable, the lack of authentication means an attacker only needs network access to the server, and no additional conditions or privileges are required. The vulnerability is not logged in the CISA KEV catalog, suggesting no mass exploitation yet, but the exposure of full agent activity poses significant risk to confidentiality and operational integrity. Because the attack vector is remote HTTP, any exposed network surface could be used by threat actors."}}}}, "created": "2026-04-09T08:17:51.523543+00:00", "updated": "2026-04-09T08:27:14.934255+00:00", "vendors": ["mervinpraison", "mervinpraison$PRODUCT$praisonai"]}