Summary
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
References
Related vulnerabilities
- CRITICAL GHSA-892R-P3JQ-JP24
  PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
- CRITICAL GHSA-X223-P2GF-V735
  Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
- HIGH GHSA-FQ4X-789W-JG5H
  AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)
- CRITICAL GHSA-J4F3-55X4-R6Q2
  npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
- CRITICAL GHSA-9752-MHQH-H34F
  npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
- HIGH GHSA-GCQ3-MFVH-3X25
  PraisonAI Code agent tools fail open without a workspace boundary