CVE-2026-40289

PraisonAI · PraisonAI and praisonaiagents

PraisonAI and praisonaiagents are vulnerable to unauthenticated remote session hijacking via the /ws WebSocket endpoint.

Executive summary

Unauthenticated remote session hijacking in PraisonAI allows attackers to take control of browser automation sessions and leak sensitive data.

Vulnerability

The browser bridge is vulnerable to session hijacking due to missing authentication and a bypassable origin check on the /ws WebSocket endpoint. An unauthenticated attacker can route automation actions to their own control, effectively hijacking active browser sessions.

Business impact

The CVSS score of 9.1 highlights the danger of this vulnerability, which allows an attacker to remotely control browser automation sessions. This can result in the leakage of sensitive page context, unauthorized execution of model-backed browser actions, and potential compromise of any automation results. The lack of authentication makes this an attractive target for network-adjacent attackers.

Remediation

Immediate Action: Upgrade PraisonAI to version 4.5.139 or higher and praisonaiagents to version 1.5.140 or higher.

Proactive Monitoring: Inspect network traffic for unauthorized connections to the WebSocket endpoint and review automation logs for unexpected session initiation commands.

Compensating Controls: Ensure the browser bridge is not exposed to the public internet and use network-level controls to restrict access to the WebSocket service to authorized management IPs only.
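The advisory names two weaknesses on the bridge's WebSocket handshake: no authentication, and an origin check that can be bypassed. The following Python snippet is an added illustration of what a defensible handshake gate looks like; it is not PraisonAI's own code, and the header names, the allowlists, the query-parameter token transport and the sample origins are all assumptions constructed for the example. It contrasts a prefix-style Origin comparison (the kind of check that accepts look-alike origins) with an exact match after normalization, and adds a peer-address allowlist and a constant-time shared-secret check, because an Origin header only constrains cross-site pages running in a browser: a non-browser client can send any Origin it likes, so the origin check alone is never authentication.

```python
"""Added example: a WebSocket handshake gate with exact-origin, peer and token checks.

Illustrative code, not the PraisonAI bridge. Configuration values, header
names and the token-in-query transport are assumptions for the example.
"""
import hmac
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumed configuration (constructed for the example).
ALLOWED_ORIGINS = {"http://localhost:8080", "http://127.0.0.1:8080"}
ALLOWED_PEERS = [ipaddress.ip_network("127.0.0.1/32"),
                 ipaddress.ip_network("10.0.0.0/8")]
BRIDGE_TOKEN = "example-shared-secret"  # constructed; load from config/env in practice


def weak_origin_check(origin):
    """Prefix comparison on the Origin header: the pattern to avoid.

    Anything that merely starts with an allowed value is accepted, so the
    check does not bind the connection to the intended page at all.
    """
    return any(origin.startswith(allowed) for allowed in ALLOWED_ORIGINS)


def normalize_origin(origin):
    """Reduce an Origin value to scheme://host:port, or None if unparseable."""
    try:
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # e.g. a port that is not an integer
        return None
    return f"{parts.scheme}://{parts.hostname}:{port}"


_ALLOWED_NORMALIZED = {normalize_origin(o) for o in ALLOWED_ORIGINS}


def strict_origin_check(origin):
    """Exact match after normalization; absent or malformed origins are rejected."""
    norm = normalize_origin(origin)
    return norm is not None and norm in _ALLOWED_NORMALIZED


def peer_allowed(peer_ip):
    """Network-level restriction: only listed source addresses may connect."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_PEERS)


def token_from_path(path):
    """Read the shared secret from ?token=... (assumed transport; browsers cannot
    set custom WebSocket headers, so a query parameter or first message is typical)."""
    values = parse_qs(urlsplit(path).query).get("token", [])
    return values[0] if values else None


def token_valid(presented):
    """Constant-time comparison so timing does not leak how much of the token matched."""
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), BRIDGE_TOKEN.encode())


def authorize_handshake(path, headers, peer_ip):
    """Decide whether to complete the WebSocket upgrade.

    headers: dict with lower-case header names. Returns (accepted, reason);
    the reason is meant for the server log, not for the client.
    """
    if not peer_allowed(peer_ip):
        return False, "peer not in allowlist"
    if not strict_origin_check(headers.get("origin", "")):
        return False, "origin rejected"
    if not token_valid(token_from_path(path)):
        return False, "missing or wrong token"
    return True, "ok"


if __name__ == "__main__":
    ok_headers = {"origin": "http://localhost:8080"}
    print(authorize_handshake("/ws?token=example-shared-secret", ok_headers, "127.0.0.1"))
    # A constructed look-alike origin: accepted by the prefix check, rejected by the exact one.
    lookalike = "http://localhost:8080.example.test"
    print("weak:", weak_origin_check(lookalike), "strict:", strict_origin_check(lookalike))
```

The order of the checks matters for logging: the cheap network check runs first so that connections from unexpected addresses show up in the log with a distinct reason, which is the signal the monitoring advice above asks operators to watch for.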

Exploitation status

Public Exploit Available: No

Analyst recommendation

The vulnerability allows for complete session hijacking, posing a significant risk to data privacy and automation integrity. Organizations using these tools must apply the specified updates immediately to ensure session security and prevent unauthorized remote control.