Vulnerability in Mervinpraison Praisonai
CVE-2026-61428
PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook…
CVSS v3 metric
CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Mervinpraison Praisonai — versions 0, 4.6.78
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-61428?
- CVE-2026-61428 is a high-severity vulnerability in Mervinpraison Praisonai, classified under Authentication Bypass by Spoofing. CVSS score: 7.3/10. Published 2026-07-11.
- How severe is CVE-2026-61428?
- High severity. CVSS v3 base score is 7.3 out of 10.