A vulnerability described as critical has been identified in MervinPraison PraisonAI up to 4.6.77. Impacted is the function agent_invoke of the file src/praisonai/praisonai/api/agent_invoke.py of the component Call API. The manipulation of the argument Hostname results in improper authentication.

This vulnerability is known as CVE-2026-61435. It is possible to launch the attack remotely. No exploit is available.