{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/api-abuse/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-40116"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-40116","resource-exhaustion","websocket","api-abuse","cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePraisonAI, a multi-agent teams system, contains a vulnerability in versions prior to 4.5.128 that exposes the \u003ccode\u003e/media-stream\u003c/code\u003e WebSocket endpoint in its call module. The endpoint performs neither authentication nor Twilio signature validation, so any client can establish a connection. Each accepted connection makes the server open an authenticated session to OpenAI\u0026rsquo;s Realtime API using the server\u0026rsquo;s own API key. Because there are no rate limits, connection limits or message size restrictions, an attacker can open many concurrent connections and flood them with messages, exhausting server resources and draining the victim\u0026rsquo;s OpenAI API credits. The vulnerability is patched in version 4.5.128.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a PraisonAI instance running a vulnerable version (prior to 4.5.128) whose call module exposes the \u003ccode\u003e/media-stream\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eAttacker opens a WebSocket connection to \u003ccode\u003e/media-stream\u003c/code\u003e without any credentials or Twilio signature; the server accepts it because it checks neither.\u003c/li\u003e\n\u003cli\u003eFor each accepted connection, the PraisonAI server creates an authenticated session with the OpenAI Realtime API using its own API key, so every attacker connection is billed to the victim.\u003c/li\u003e\n\u003cli\u003eAttacker opens many concurrent connections and sends a large volume of large messages through each; nothing caps connection count, message rate or message size.\u003c/li\u003e\n\u003cli\u003eThe PraisonAI server is overloaded by the connection and message-processing load, and the victim\u0026rsquo;s OpenAI API credits are rapidly depleted as the attacker\u0026rsquo;s traffic is relayed upstream.\u003c/li\u003e\n\u003cli\u003eThe server degrades or becomes unresponsive, denying service to legitimate users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation results in resource exhaustion on the PraisonAI server, causing denial of service for legitimate users, and in unauthorized consumption of the victim\u0026rsquo;s OpenAI API credits, producing unexpected charges and disrupting services that depend on the OpenAI API. The number of affected organizations depends on how many vulnerable PraisonAI instances are exposed.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PraisonAI installations to version 4.5.128 or later to patch CVE-2026-40116.\u003c/li\u003e\n\u003cli\u003eUntil the upgrade is applied, require Twilio signature validation on the \u003ccode\u003e/media-stream\u003c/code\u003e upgrade request and enforce per-client connection limits, message-rate limits and message-size limits to mitigate resource exhaustion and credit drain.\u003c/li\u003e\n\u003cli\u003eMonitor OpenAI API usage and billing for unexpected spikes in Realtime API sessions originating from the PraisonAI host; such spikes are the visible sign of exploitation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetectSuspiciousPraisonAIWebSocketConnections\u003c/code\u003e to identify potential exploitation attempts by detecting a high number of connections to the \u003ccode\u003e/media-stream\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T22:16:35Z","date_published":"2026-04-09T22:16:35Z","id":"/briefs/2026-04-praisonai-websocket-vuln/","summary":"PraisonAI before version 4.5.128 is vulnerable to resource exhaustion and API credit draining because the `/media-stream` WebSocket endpoint accepts unauthenticated connections, allowing attackers to exhaust server resources and drain OpenAI API credits.","title":"PraisonAI Unauthenticated WebSocket Allows Resource Exhaustion","url":"https://feed.craftedsignal.io/briefs/2026-04-praisonai-websocket-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Api-Abuse","version":"https://jsonfeed.org/version/1.1"}
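A concrete form of the mitigations in the Recommendation list (Twilio signature validation on the upgrade request, a cap on concurrent connections per client, and per-connection message-rate and message-size limits), written here as an added example: it is neither PraisonAI's code nor the 4.5.128 patch, uses only the Python standard library, and stands in for the web framework with a plain dict. The helper names (`ConnectionGate`, `MessageBudget`, `handle_upgrade`), the limit values, and the sample token and URL are this example's own assumptions; the signature scheme itself is Twilio's documented one (base64 of HMAC-SHA1 over the public URL, keyed with the account auth token).

```python
"""Added example (not PraisonAI code): the three controls the advisory says
/media-stream lacked before 4.5.128, as framework-neutral helpers."""
import base64
import hashlib
import hmac
import time
from collections import defaultdict


def twilio_signature(auth_token, url, params=None):
    """Twilio's documented request signature: base64(HMAC-SHA1(auth_token,
    url + concatenated sorted POST key/value pairs)).  A WebSocket upgrade is a
    GET with no form body, so only the full public URL is signed."""
    payload = url + "".join(k + v for k, v in sorted((params or {}).items()))
    mac = hmac.new(auth_token.encode(), payload.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def validate_twilio_signature(auth_token, url, header_value, params=None):
    """Constant-time comparison; a missing header is a failure, not a bypass."""
    if not header_value:
        return False
    return hmac.compare_digest(twilio_signature(auth_token, url, params), header_value)


class ConnectionGate:
    """Caps concurrent /media-stream connections per client and in total
    (assumed limits; tune to the number of legitimate calls expected)."""

    def __init__(self, max_per_client=2, max_total=100):
        self.max_per_client = max_per_client
        self.max_total = max_total
        self.active = defaultdict(int)
        self.total = 0

    def try_open(self, client):
        if self.total >= self.max_total or self.active[client] >= self.max_per_client:
            return False
        self.active[client] += 1
        self.total += 1
        return True

    def close(self, client):
        if self.active[client] > 0:
            self.active[client] -= 1
            self.total -= 1


class MessageBudget:
    """Per-connection sliding-window message-rate limit plus a hard cap on
    message size; `clock` is injectable so the window can be tested offline."""

    def __init__(self, max_msgs=20, window_s=1.0, max_bytes=16384, clock=time.monotonic):
        self.max_msgs, self.window_s, self.max_bytes, self.clock = max_msgs, window_s, max_bytes, clock
        self.stamps = defaultdict(list)

    def allow(self, conn_id, payload):
        if len(payload) > self.max_bytes:
            return False
        now = self.clock()
        recent = [t for t in self.stamps[conn_id] if now - t < self.window_s]
        if len(recent) >= self.max_msgs:
            self.stamps[conn_id] = recent
            return False
        recent.append(now)
        self.stamps[conn_id] = recent
        return True


def handle_upgrade(request, gate, auth_token, public_url):
    """Decide the HTTP status for a WebSocket upgrade request.  `request` is a
    plain dict {'client': ip, 'headers': {...}} standing in for the framework's
    request object.  The upstream OpenAI session should only be created on 101,
    so an unsigned or over-limit client never costs the operator a credit."""
    sig = request["headers"].get("X-Twilio-Signature")
    if not validate_twilio_signature(auth_token, public_url, sig):
        return 403, "invalid or missing Twilio signature"
    if not gate.try_open(request["client"]):
        return 429, "connection limit reached"
    return 101, "switching protocols"
```

Order matters: the signature check runs before the connection gate so that unauthenticated clients cannot fill the per-client or global slots, and `gate.close()` must be called from the socket's close handler or the cap will leak after disconnects.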
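The detection recommendation expressed as a log sweep, added here as an example: it is not the `DetectSuspiciousPraisonAIWebSocketConnections` Sigma rule (which the page names but does not reproduce) and not feed code. It counts completed WebSocket upgrades to `/media-stream` per source IP inside a sliding window and flags any source that crosses a threshold. The log lines are constructed in the common combined log format; the threshold, window and IPs are this example's own assumptions.

```python
"""Added example (not the feed's Sigma rule): flag sources that complete an
abnormal number of /media-stream WebSocket upgrades within a short window."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined-log-format prefix: ip ident user [timestamp] "METHOD path proto" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) ')

# Constructed sample: one source opens five streams in four seconds, another
# opens one; a non-upgrade request and a much later upgrade are noise.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2026:22:10:01 +0000] "GET /media-stream HTTP/1.1" 101 0
203.0.113.7 - - [09/Apr/2026:22:10:01 +0000] "GET /media-stream HTTP/1.1" 101 0
198.51.100.4 - - [09/Apr/2026:22:10:02 +0000] "GET /media-stream HTTP/1.1" 101 0
203.0.113.7 - - [09/Apr/2026:22:10:03 +0000] "GET /media-stream HTTP/1.1" 101 0
203.0.113.7 - - [09/Apr/2026:22:10:04 +0000] "GET /media-stream HTTP/1.1" 101 0
203.0.113.7 - - [09/Apr/2026:22:10:05 +0000] "GET /media-stream HTTP/1.1" 101 0
203.0.113.7 - - [09/Apr/2026:22:10:06 +0000] "GET /health HTTP/1.1" 200 17
203.0.113.7 - - [09/Apr/2026:22:12:30 +0000] "GET /media-stream HTTP/1.1" 101 0
"""


def parse(line):
    """Return (ip, datetime, method, path, status) or None for unparseable lines."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path, int(status)


def flag_connection_floods(log_text, path="/media-stream", threshold=5, window_s=60):
    """Return {ip: peak_count} for sources that completed at least `threshold`
    upgrades to `path` within any `window_s`-second span.  Only status 101
    counts: a rejected upgrade never reaches the OpenAI Realtime session, so it
    costs nothing and is not the signal this rule is after."""
    recent = defaultdict(deque)
    flagged = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, when, _method, p, status = rec
        if p != path or status != 101:
            continue
        q = recent[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged
```

Run over real logs the window and threshold should be set from a baseline of legitimate call volume; a single telephony source may legitimately open several streams, so the rule is about rate, not presence.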