CVE-2026-40116

PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

Description

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the server's API key. There are no limits on concurrent connections, message rate, or message size, allowing an unauthenticated attacker to exhaust server resources and drain the victim's OpenAI API credits. This vulnerability is fixed in 4.5.128.

INFO

Published Date :

2026-04-09T21:20:24.708Z

Last Modified :

2026-04-09T21:20:24.708Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-40116 vulnerability.

Vendors	Products
Mervinpraison	Praisonai

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40116.

URL	Resource
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q5r4-47m9-5mc7

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact