CVE-2026-40151 Scanner
CVE-2026-40151 Scanner - Information Disclosure vulnerability in PraisonAI AgentOS
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 17 hours
Scan only one: URL
PraisonAI AgentOS is widely used by enterprises and developers for managing and orchestrating AI agents in various environments. The system is instrumental in deploying AI solutions that require managing multiple agent configurations efficiently. It caters to industries needing intelligent automation and is pivotal in areas like AI-supported customer service and process automations. Companies benefit from its capacity to integrate seamlessly into existing technological stacks and offer enhanced capabilities for agent management. The platform ensures that AI agents can operate optimally, adapting to evolving business needs. PraisonAI AgentOS is praised for its ease of use and robust set of features designed to enhance AI agent operations across domains.
The vulnerability under discussion pertains to an unauthenticated endpoint in the PraisonAI AgentOS FastAPI server. This endpoint allows an attacker to access sensitive information about registered agents such as their names, roles, and related system prompts. The information disclosed can include vital business logic, internal API details, and potentially clues leading to credential discovery. The unprotected nature of this particular route renders the system susceptible to unauthorized data harvesting. This issue highlights a security gap in API access management within the application. The vulnerability emphasizes the importance of robust authentication mechanisms, especially for sensitive API endpoints.
The technical details surrounding this vulnerability involve an unauthenticated GET request to the `/api/agents` endpoint in the AgentOS FastAPI application. This route does not enforce any authentication, making it accessible to any remote attacker. The endpoint returns information that includes agent names and roles, which can be leveraged to gain deeper insight into the system's configuration. Especially concerning is the exposure of system prompts, which may contain proprietary business logic and hints of internal APIs. Given that these endpoints are part of a widely used API setup, they present a significant security risk if left unguarded.
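An asset owner can confirm whether their own deployment is affected by sending the credential-less request described above and classifying the reply. This is an added example, not code from the scanner or from PraisonAI; the field names (`name`, `role`, `instructions`, `system_prompt`, `prompt`), the `agents` wrapper key and the function names are assumptions, because the page does not give the response schema.

```python
import json
import urllib.error
import urllib.request

# Assumed field names; the page does not document the response schema.
PROMPT_KEYS = {"instructions", "system_prompt", "prompt"}
IDENTITY_KEYS = {"name", "role"}


def classify(status, body):
    """Classify the reply to a GET /api/agents sent without credentials."""
    if status in (401, 403):
        return "protected"          # the route demands authentication
    if status != 200:
        return "inconclusive"
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return "inconclusive"       # e.g. an HTML login page behind a proxy
    if isinstance(data, dict):
        data = data.get("agents", [])   # assumed wrapper key
    agents = [a for a in data if isinstance(a, dict)] if isinstance(data, list) else []
    keys = set().union(*(a.keys() for a in agents))
    if keys & PROMPT_KEYS:
        return "exposed-with-prompts"   # system prompts readable by anyone
    if keys & IDENTITY_KEYS:
        return "exposed"                # agent names or roles readable by anyone
    return "inconclusive"


def check(base_url, timeout=5):
    """Send one GET with no credentials to a deployment you operate."""
    req = urllib.request.Request(base_url.rstrip("/") + "/api/agents")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, b"")
    except (urllib.error.URLError, OSError):
        return "unreachable"
```

A result of `protected` after adding authentication to the route is the outcome to aim for; `inconclusive` means the reply needs a manual look.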
Exploitation of this vulnerability can lead to severe consequences for organizations relying on PraisonAI AgentOS. Unauthorized users could gain access to sensitive data, which in turn might be used to compromise the integrity of the system. Disclosure of internal API references and business logic could pave the way for further attacks on services connected to or dependent on these AI agents. Potential leaks of credential hints pose the risk of broader unauthorized system access. Left unchecked, the vulnerability could facilitate deeper network penetration by malicious entities targeting the disclosed data.