Vulnerability in Mervinpraison Praisonai

CVE-2026-61428

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook…

CVSS v3 metric

CVSS v3 base score 7.3 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-61428?
CVE-2026-61428 is a high-severity vulnerability in Mervinpraison Praisonai, classified under Authentication Bypass by Spoofing. CVSS score: 7.3/10. Published 2026-07-11.
How severe is CVE-2026-61428?
High severity. CVSS v3 base score is 7.3 out of 10.