Tag
PraisonAI versions prior to 4.6.78 contain an authentication bypass vulnerability in the Call API agent invocation endpoints when PRAISONAI_CALL_AUTH=disabled is configured, allowing an unauthenticated attacker to remotely list and invoke registered agents by sending a spoofed 'Host: 127.0.0.1' HTTP header.