CVE-2026-40115
Published: 09 April 2026
Summary
CVE-2026-40115 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in PraisonAI (vendor: Praison). Its CVSS base score is 6.2 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its exploit-likelihood ranking is at the 16.1 percentile (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-5 directly protects against denial-of-service attacks like memory exhaustion from unbounded HTTP request body allocation based on client-supplied Content-Length.
SI-9 restricts the amount of information input into the system, preventing large POST requests from exhausting server memory in the WSGI server.
SC-6 ensures resource availability by controlling allocation and monitoring usage, mitigating unbounded memory consumption from oversized requests.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables exploitation of the application via unbounded resource allocation to cause server exhaustion and denial of service.
NVD Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default (no token configured), any local process can send arbitrarily large POST requests to exhaust server memory and cause a denial of service. The Starlette-based server (serve.py) has RequestSizeLimitMiddleware with a 10MB limit, but the WSGI server lacks any equivalent protection. This vulnerability is fixed in 4.5.128.
Deeper analysis
CVE-2026-40115 is a denial-of-service vulnerability in PraisonAI, an open-source multi-agent teams system, affecting versions prior to 4.5.128. The issue resides in the WSGI-based recipe registry server (server.py), which reads the entire HTTP request body into memory based solely on the client-supplied Content-Length header without any upper bound. This contrasts with the Starlette-based server (serve.py), which includes RequestSizeLimitMiddleware limiting requests to 10MB. Authentication is disabled by default with no token configured, exacerbating the risk. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling) with a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A local attacker can exploit this vulnerability by sending arbitrarily large POST requests to the WSGI server, causing it to allocate excessive memory and leading to server exhaustion and denial of service. No privileges or user interaction are required, and the low attack complexity makes it accessible to any local process on the host system.
The GitHub security advisory (GHSA-2xgv-5cv2-47vv) confirms the vulnerability was fixed in PraisonAI version 4.5.128, recommending users upgrade to this or later versions to mitigate the issue.
PraisonAI's focus on multi-agent teams suggests relevance to AI/ML workflows, though no evidence of real-world exploitation has been reported as of the CVE publication on 2026-04-09.
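As an added illustration (this is not PraisonAI's server.py and not the fix shipped in 4.5.128), the constructed Python WSGI snippet below places the unbounded read pattern the description refers to next to a bounded reader that validates Content-Length and enforces a cap before allocating anything, then reads in fixed-size chunks so peak memory tracks bytes actually received. The 10 MiB cap mirrors the figure quoted for the Starlette server's RequestSizeLimitMiddleware; the function names, exception types, chunk size and sample requests are assumptions.

```python
"""Unbounded vs. bounded WSGI request-body reads (constructed illustration,
not PraisonAI project code)."""
import io
from wsgiref.util import setup_testing_defaults

MAX_BODY_BYTES = 10 * 1024 * 1024  # 10 MiB, assumed to mirror the Starlette server's limit
CHUNK_SIZE = 64 * 1024             # read granularity for the bounded reader (assumption)


class BadContentLength(ValueError):
    """Content-Length header is missing a valid non-negative integer."""


class BodyTooLarge(ValueError):
    """Declared or received body exceeds the configured limit."""


def read_body_unbounded(environ):
    """Vulnerable pattern: trust the client's Content-Length and read that much.

    With a socket-backed buffered stream, read(n) typically reserves n bytes
    up front, so a client that declares a huge length drives a huge allocation
    before a single payload byte has arrived.
    """
    length = int(environ.get("CONTENT_LENGTH") or 0)
    return environ["wsgi.input"].read(length)


def read_body_bounded(environ, limit=MAX_BODY_BYTES):
    """Hardened pattern: reject bad or oversized declarations before reading,
    then read in chunks and re-check the running total as bytes arrive."""
    raw = environ.get("CONTENT_LENGTH") or "0"
    try:
        declared = int(raw)
    except ValueError:
        raise BadContentLength(raw)
    if declared < 0:
        raise BadContentLength(raw)
    if declared > limit:
        # Refuse before touching the stream: no allocation sized by the header.
        raise BodyTooLarge(declared)

    stream = environ["wsgi.input"]
    chunks, total, remaining = [], 0, declared
    while remaining > 0:
        chunk = stream.read(min(CHUNK_SIZE, remaining))
        if not chunk:          # client sent less than it declared; stop
            break
        total += len(chunk)
        if total > limit:      # defence in depth for streams that ignore the declaration
            raise BodyTooLarge(total)
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def registry_app(environ, start_response):
    """Minimal WSGI endpoint (hypothetical) that maps reader errors to 400/413."""
    try:
        body = read_body_bounded(environ)
    except BadContentLength:
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"invalid Content-Length\n"]
    except BodyTooLarge:
        start_response("413 Payload Too Large", [("Content-Type", "text/plain")])
        return [b"request body exceeds limit\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"received %d bytes\n" % len(body)]


def make_environ(body=b"", content_length=None):
    """Build a constructed POST environ; content_length overrides the real size
    so a lying header can be simulated without sending the bytes."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"] = "POST"
    environ["wsgi.input"] = io.BytesIO(body)
    environ["CONTENT_LENGTH"] = str(len(body) if content_length is None else content_length)
    return environ


def call_app(app, body=b"", content_length=None):
    """Drive a WSGI app with a constructed request; returns (status, response body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    out = b"".join(app(make_environ(body, content_length), start_response))
    return captured["status"], out


if __name__ == "__main__":
    print(call_app(registry_app, b"hello"))                    # normal request
    print(call_app(registry_app, b"", content_length=10**12))  # absurd declaration, rejected up front
    print(call_app(registry_app, b"x", content_length="abc"))  # malformed header
```

The first guard (declared length versus the limit) is what the WSGI server described above lacks; the chunked loop matters on real connections, where a client can declare a modest size but then trickle or over-send, and keeps the buffer growing only as fast as payload actually arrives.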
Details
- CWE(s): CWE-770 (Allocation of Resources Without Limits or Throttling)