CVE-2026-61428 in PraisonAI
Summary
by MITRE • 07/11/2026
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and trigger replies to attacker-controlled addresses, bypassing sender allow/block lists.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/11/2026
The vulnerability in PraisonAI AgentMail versions prior to 4.6.78 represents a critical security flaw that undermines the integrity of message authentication mechanisms within webhook processing capabilities. This weakness stems from the absence of cryptographic signature verification during message handling, creating an avenue for malicious actors to exploit the system's trust model. The vulnerability specifically affects the webhook mode operation where the agent processes incoming message.received events through HTTP endpoints designed for automated message flow management.
The technical implementation flaw resides in the lack of authentication checks that should validate the authenticity of incoming webhook requests before processing them as legitimate messages. When attackers POST crafted message.received events to the configured webhook endpoint, they can manipulate the sender address field within the event payload to appear as if messages are originating from trusted sources. This spoofing capability bypasses existing security controls including sender allow lists and block lists that administrators have configured to protect against unauthorized communication channels.
The operational impact of this vulnerability extends beyond simple message injection, as attackers can leverage the spoofed addresses to trigger automated replies from the agent system. These responses can include sensitive information disclosure, further escalation of attacks through relay mechanisms, or social engineering campaigns that exploit the trusted appearance of the spoofed sender addresses. The vulnerability enables attackers to effectively impersonate legitimate users or systems within the network, potentially leading to unauthorized access to downstream services or data exfiltration.
Security implications of this flaw align with CWE-347, which addresses weaknesses in authentication mechanisms and improper validation of cryptographic signatures. The vulnerability also maps to ATT&CK technique T1078.004 for valid accounts and T1566 for social engineering through spoofed communications. Organizations using PraisonAI AgentMail in webhook mode face significant risk exposure where attackers can manipulate automated workflows without requiring authentication credentials, potentially leading to persistent access or data compromise.
Recommended mitigations include immediate upgrade to PraisonAI AgentMail version 4.6.78 or later, which implements proper signature verification for webhook requests. Administrators should also implement additional network-level controls such as IP whitelisting for webhook endpoints, enable detailed logging of webhook activity for monitoring purposes, and configure strict access controls on the webhook interfaces. Organizations should conduct thorough security assessments to identify any potential exploitation that may have occurred before implementing the patch, while also reviewing their overall message processing workflows for similar authentication gaps in other components.