Product

Praisonai (>= 4.5.115, < 4.6.61)

1 brief RSS

PraisonAI A2U Incomplete Authentication Fix (GHSA-jxcw-qp4h-6jfq)

An incomplete fix in PraisonAI's `praisonai serve a2u` command leaves the A2U Agent-to-User event stream server unauthenticated by default, potentially exposing sensitive agent event streams to any attacker who can reach the server, bypassing intended authentication mechanisms for versions `4.5.115` to `4.6.60`.

praisonai incomplete-fix authentication-bypass api-server misconfiguration data-exposure

3r 3t 2d ago