PYSEC-2026-1862

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/rasa-pro/PYSEC-2026-1862.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1862
Aliases
Published
2026-07-07T16:02:51.197156Z
Modified
2026-07-07T17:47:00.413033070Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
Rasa Pro Missing Authentication For Voice Connector APIs
Details

Vulnerability

A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source.

This impacts the following connectors:

  • audiocodes_stream
  • genesys
  • jambonz

As part of our investigation to resolve this issue, we have also performed a security review of our other voice channel connectors:

  • browser_audio: Does not support authentication. This is a development channel not intended for production use.
  • twilio_media_streams, twilio_voice and jambonz: Authentication is currently not supported by these channels, but our investigation has found a way for us to enable it for these voice channel connectors in a future Rasa Pro release.

Fix

The issue has been resolved for audiocodes, audiocodes_stream, and genesys connectors. Fixed versions of Rasa Pro have been released for 3.9.20, 3.10.19, 3.11.7 and 3.12.6. Please update to a fixed release.

If you are using one of the affected connectors, we strongly recommend upgrading to a fixed version. For connectors where authentication is not supported (e.g., Twilio), we suggest taking extra caution and considering other compensating controls if applicable.

References

Affected packages

PyPI / rasa-pro

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.20
Introduced
3.10.0
Fixed
3.10.19
Introduced
3.11.0
Fixed
3.11.7
Introduced
3.12.0
Fixed
3.12.6

Affected versions

0.*
0.0.1
0.0.1.post1
3.*
3.8.16
3.8.17
3.8.18
3.9.14
3.9.15
3.9.16
3.9.17
3.9.18
3.9.19
3.10.3
3.10.4
3.10.5
3.10.6
3.10.7.dev1
3.10.7.dev2
3.10.7.dev3
3.10.7.dev4
3.10.7.dev5
3.10.7
3.10.8
3.10.9.dev1
3.10.9
3.10.10
3.10.11
3.10.12
3.10.13a1
3.10.13
3.10.14
3.10.15
3.10.16
3.10.17
3.10.18
3.11.0
3.11.1
3.11.2
3.11.3a1.dev1
3.11.3a1.dev2
3.11.3a1.dev4
3.11.3a1.dev5
3.11.3a1.dev6
3.11.3a1.dev7
3.11.3
3.11.4
3.11.5
3.11.6
3.12.0
3.12.1.dev1
3.12.1.dev2
3.12.1
3.12.2.dev2
3.12.2.dev3
3.12.2.dev4
3.12.2
3.12.3
3.12.4
3.12.5
3.12.6.dev1
3.12.6.dev2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/rasa-pro/PYSEC-2026-1862.yaml"