Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default (no token configured), any local process can send arbitrarily large POST requests to exhaust server memory and cause a denial of service. The Starlette-based server (serve.py) has RequestSizeLimitMiddleware with a 10MB limit, but the WSGI server lacks any equivalent protection. This vulnerability is fixed in 4.5.128.
Published: 2026-04-09
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Exhaustion Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the WSGI-based recipe registry server (server.py) of PraisonAI. The server reads the entire HTTP request body into memory using the client-supplied Content-Length header, without imposing an upper bound on that value. Because authentication is disabled by default (no token configured), any local process can send arbitrarily large POST requests, causing the server to consume all available memory and crash. This is a classic instance of uncontrolled resource consumption, categorized as CWE-770. The result is a denial of service that any local process can trigger to disrupt the system's availability.
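To make the defect and its fix concrete, the following added example (not PraisonAI's own code; all names, the handler and the 10 MB cap mirroring the serve.py limit quoted in the advisory are assumptions) shows a hypothetical WSGI body reader that trusts Content-Length unconditionally, next to a bounded reader that rejects an over-limit declared length before reading a byte, caps the actual bytes consumed when no length is declared, and answers 413 instead of allocating:

```python
import io
from typing import Callable, Iterable, Tuple

# Constructed cap for this example; the advisory cites a 10 MB limit in the
# Starlette server's RequestSizeLimitMiddleware, so the same figure is assumed here.
MAX_BODY_BYTES = 10 * 1024 * 1024
CHUNK = 64 * 1024


def vulnerable_read_body(environ: dict) -> bytes:
    """Hypothetical reproduction of the unbounded pattern (CWE-770):
    whatever the client declares in Content-Length is passed straight to read()."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    return environ["wsgi.input"].read(length)


class BodyTooLarge(Exception):
    """Raised when a request body exceeds the configured limit."""


def bounded_read_body(environ: dict, limit: int = MAX_BODY_BYTES) -> bytes:
    """Read at most `limit` bytes. Rejects an over-limit Content-Length up front,
    and also bounds reads when Content-Length is absent or understated."""
    raw = (environ.get("CONTENT_LENGTH") or "").strip()
    declared = None
    if raw:
        declared = int(raw)  # ValueError on garbage -> 400 below
        if declared < 0:
            raise ValueError("negative Content-Length")
        if declared > limit:
            raise BodyTooLarge(declared)  # nothing has been read yet
    stream = environ["wsgi.input"]
    # With no declared length, allow limit+1 so a body that is exactly one byte
    # too large is still detected.
    remaining = declared if declared is not None else limit + 1
    chunks, total = [], 0
    while remaining > 0:
        chunk = stream.read(min(CHUNK, remaining))
        if not chunk:
            break
        total += len(chunk)
        if total > limit:
            raise BodyTooLarge(total)
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def registry_app(environ: dict, start_response: Callable) -> Iterable[bytes]:
    """Minimal WSGI handler using the bounded reader (hypothetical registry endpoint)."""
    if environ.get("REQUEST_METHOD") != "POST":
        start_response("405 Method Not Allowed", [("Content-Type", "text/plain")])
        return [b"method not allowed\n"]
    try:
        body = bounded_read_body(environ)
    except BodyTooLarge:
        start_response("413 Payload Too Large", [("Content-Type", "text/plain")])
        return [b"request body exceeds limit\n"]
    except ValueError:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"invalid Content-Length\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"accepted {len(body)} bytes\n".encode()]


def make_environ(body: bytes, content_length=None) -> dict:
    """Build a constructed WSGI environ with an in-memory request body."""
    env = {"REQUEST_METHOD": "POST", "wsgi.input": io.BytesIO(body)}
    if content_length is not None:
        env["CONTENT_LENGTH"] = str(content_length)
    return env


def call_app(app: Callable, environ: dict) -> Tuple[str, bytes]:
    """Invoke a WSGI app without a server and return (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # A small declared body is accepted; an over-limit declared length is
    # refused before any bytes are read from the stream.
    print(call_app(registry_app, make_environ(b"x" * 100, 100)))
    big = make_environ(b"x" * 10, 1 << 40)
    print(call_app(registry_app, big), "bytes consumed:", big["wsgi.input"].tell())
```

The decisive check is the one before the loop: a Content-Length above the cap is refused without touching the stream, so a client cannot make the server allocate on its behalf. The loop then bounds what is actually consumed, which matters when no length is declared or the declared value is understated.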

Affected Systems

All installations of PraisonAI prior to release 4.5.128 are impacted. The vulnerability exists in the server.py module of this product from the vendor MervinPraison.

Risk and Exploitability

The CVSS score of 6.2 indicates a medium severity threat. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitability is high for local attackers because authentication is off by default and sending a large request payload requires no special skill. Remote exploitation would require network connectivity to the server and may be mitigated by network segmentation, so the local context is the most likely attack vector. The primary risk is memory exhaustion leading to service interruption rather than confidentiality or integrity compromise.

Generated by OpenCVE AI on April 9, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PraisonAI to version 4.5.128 or later.
  • If an upgrade is not yet possible, isolate the recipe registry service behind a firewall or restrict access so that only authorized systems can reach it.
  • Consider disabling the WSGI recipe registry server or replacing it with the Starlette-based serve.py, which enforces a 10 MB request size limit.

Generated by OpenCVE AI on April 9, 2026 at 22:41 UTC.


Advisories
Source | ID | Title
Github GHSA | GHSA-2xgv-5cv2-47vv | PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS
History

Fri, 17 Apr 2026 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Praison; Praison praisonai
CPEs | | cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*
Vendors & Products | | Praison; Praison praisonai

Mon, 13 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Apr 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mervinpraison; Mervinpraison praisonai
Vendors & Products | | Mervinpraison; Mervinpraison praisonai

Thu, 09 Apr 2026 21:45:00 +0000

Type | Values Removed | Values Added
Description | | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default (no token configured), any local process can send arbitrarily large POST requests to exhaust server memory and cause a denial of service. The Starlette-based server (serve.py) has RequestSizeLimitMiddleware with a 10MB limit, but the WSGI server lacks any equivalent protection. This vulnerability is fixed in 4.5.128.
Title | | PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS
Weaknesses | | CWE-770
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-13T15:37:59.667Z

Reserved: 2026-04-09T01:41:38.537Z

Link: CVE-2026-40115

Vulnrichment

Updated: 2026-04-13T15:27:13.969Z

NVD

Status : Analyzed

Published: 2026-04-09T22:16:35.143

Modified: 2026-04-17T18:34:53.340

Link: CVE-2026-40115

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:28:55Z

Weaknesses