CVE-2026-40289
PraisonAI · PraisonAI and praisonaiagents
PraisonAI and praisonaiagents are vulnerable to unauthenticated remote session hijacking via the /ws WebSocket endpoint.
Executive summary
Unauthenticated remote session hijacking in PraisonAI allows attackers to take control of browser automation sessions and leak sensitive data.
Vulnerability
The browser bridge exposes a /ws WebSocket endpoint that requires no authentication, and the only gate on it, an Origin check, can be bypassed. An attacker who can reach the endpoint can therefore open a WebSocket connection without credentials and issue or intercept automation commands, taking over an active browser session and the actions the model drives through it. An Origin check is not an authentication control in any case: browsers set the Origin header, but a non-browser client can send whatever value it likes, so Origin alone only mitigates cross-site use from a victim's browser.
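To make the failure mode concrete, the following is an added example (not PraisonAI's code, and not a reconstruction of its actual check) showing a WebSocket upgrade handler guarded only by a loose Origin check next to a hardened version that requires a per-session bearer token and matches Origin exactly. The names BRIDGE_TOKEN, ALLOWED_ORIGINS, origin_only_check and hardened_check are hypothetical, and the request headers are constructed for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical configuration (not PraisonAI's): a per-session secret minted
# when the bridge starts and handed only to the legitimate client out of band.
BRIDGE_TOKEN = secrets.token_urlsafe(32)
ALLOWED_ORIGINS = {"http://localhost:8000", "http://127.0.0.1:8000"}


def origin_only_check(headers: dict) -> bool:
    """Weak pattern: a bypassable Origin check is the only gate on /ws.

    Two defects: a substring match accepts hosts such as
    'http://localhost.attacker.example', and non-browser clients set Origin
    to anything they like, so the header is not a credential at all.
    """
    origin = headers.get("origin", "")
    return "localhost" in origin


def hardened_check(headers: dict, expected_token: str = BRIDGE_TOKEN) -> bool:
    """Hardened pattern: require a secret the attacker cannot forge, and use
    Origin only as a cross-site defence, matched exactly rather than by substring.

    A missing Origin means a non-browser client; that is not a cross-site risk,
    so the decision then rests entirely on the token.
    """
    origin = headers.get("origin")
    if origin is not None:
        parts = urlsplit(origin)
        if f"{parts.scheme}://{parts.netloc}" not in ALLOWED_ORIGINS:
            return False
    auth = headers.get("authorization", "")
    scheme, _, presented = auth.partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False
    # Constant-time comparison so the token cannot be recovered byte by byte.
    return hmac.compare_digest(presented, expected_token)


# Constructed upgrade-request headers (lower-cased, as most servers expose them).
LEGIT = {"origin": "http://localhost:8000",
         "authorization": f"Bearer {BRIDGE_TOKEN}"}
FORGED_ORIGIN = {"origin": "http://localhost.attacker.example"}   # no token
SCRIPTED = {"origin": "http://localhost:8000"}                     # copied Origin, no token
WRONG_TOKEN = {"origin": "http://localhost:8000",
               "authorization": "Bearer not-the-real-token"}


def demo() -> dict:
    """Summarise how each check treats the constructed requests."""
    return {
        "weak_accepts_forged": origin_only_check(FORGED_ORIGIN),
        "weak_accepts_scripted": origin_only_check(SCRIPTED),
        "hardened_rejects_forged": not hardened_check(FORGED_ORIGIN),
        "hardened_rejects_scripted": not hardened_check(SCRIPTED),
        "hardened_rejects_wrong_token": not hardened_check(WRONG_TOKEN),
        "hardened_accepts_legit": hardened_check(LEGIT),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of the contrast is that the weak check accepts both a forged Origin and a script that simply copies the real Origin value, while the hardened check rejects both because neither carries the session secret.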
Business impact
The CVSS score of 9.1 reflects that an attacker needs no credentials to remotely control browser automation sessions. Consequences include leakage of sensitive page context, unauthorized execution of model-backed browser actions, and compromise of any results the automation produces. Because the endpoint requires no authentication, anyone who can reach it can exploit it: hosts on the same network, or the whole internet if the bridge is exposed.
Remediation
Immediate Action: Upgrade PraisonAI to version 4.5.139 or higher and praisonaiagents to version 1.5.140 or higher.
Proactive Monitoring: Log and review WebSocket upgrade requests to the /ws endpoint, flagging connections from unexpected source addresses or with unexpected Origin values, and review automation logs for session initiation commands that no legitimate client issued.
Compensating Controls: Ensure the browser bridge is not exposed to the public internet and use network-level controls to restrict access to the WebSocket service to authorized management IPs only. Tightening the Origin allowlist is not a substitute, since a non-browser client can set any Origin value.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The vulnerability allows complete hijacking of browser automation sessions, with direct consequences for data privacy and automation integrity. Organizations using these tools should apply the specified updates promptly and, until they do, keep the /ws endpoint off untrusted networks.