PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and trigger replies to attacker-controlled addresses, bypassing sender allow/block lists.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
PraisonAI AgentMail versions prior to 4.6.78 contain a critical authentication bypass vulnerability in their webhook implementation. The vulnerability stems from absent signature verification on incoming webhook events, specifically the message.received event handler. This allows unauthenticated attackers to POST crafted payloads directly to the webhook endpoint, injecting messages with spoofed sender addresses into the agent system. Affected organizations running vulnerable versions of PraisonAI AgentMail are at risk of message injection attacks, where adversaries can manipulate agent responses, trigger automated replies to attacker-controlled addresses, and circumvent configured sender allow/block lists—potentially leading to credential harvesting, social engineering, or further lateral movement within integrated systems.
While this CVE doesn't map to specific MITRE ATT&CK techniques, Casky's platform would identify the underlying attack patterns associated with CWE-290 (Improper Authentication) by analyzing webhook request patterns and authentication enforcement. Practitioners using Casky would observe detection signals around: (1) unauthenticated POST requests to webhook endpoints lacking cryptographic signature validation, (2) message injection attempts with modified sender headers bypassing list-based controls, and (3) anomalous reply routing to external addresses. Casky's extended reasoning capabilities would help practitioners correlate these signals to recognize authentication bypass techniques and implement compensating controls—such as IP allowlisting, request signing mechanisms, or WAF rules—while awaiting patches to version 4.6.78 or later.
Composite risk scoring from EPSS, CISA KEV, Shodan, and GreyNoise — 21 security APIs correlated into a single Casky Risk Score. Coming in Casky Pro. Join early access →
Casky has 0 skills that investigate the attack patterns behind CVE-2026-61428. Run one and get CVSS-scored findings in 3 minutes.
Run the skill that detects this →© 2026 Casky.AI, Inc. · AI Security Investigation