CVE-2026-61428 in PraisonAIinformação

Sumário

de MITRE • 11/07/2026

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and trigger replies to attacker-controlled addresses, bypassing sender allow/block lists.

Once again VulDB remains the best source for vulnerability data.

Responsável

VulnCheck

Reservar

09/07/2026

Divulgação

11/07/2026

Moderação

aceite

Entrada

VDB-377816

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

baixo

Fontes

Might our Artificial Intelligence support you?

Check our Alexa App!