Platform
python
Component
praisonaiagents
Fixed in
4.5.140
1.5.141
1.5.140
CVE-2026-40289 is a critical remote code execution (RCE) vulnerability affecting praisonaiagents versions up to 1.5.99. The vulnerability arises from the browser bridge exposing a websocket endpoint without proper Origin header validation, allowing attackers to hijack browser automation sessions. A fix is available in version 1.5.140, and users are strongly advised to upgrade immediately.
This vulnerability allows an unauthenticated attacker on the same network to remotely control a connected browser automation session. By sending a crafted startsession message, the attacker can trigger startautomation to be forwarded to a browser extension, effectively taking over the session. The attacker can then receive the resulting action/status stream, gaining unauthorized access to sensitive data and potentially executing malicious code within the browser context. The blast radius extends to any data processed or accessed by the hijacked browser automation, including credentials, financial information, and personal data.
This vulnerability was publicly disclosed on 2026-04-10. There is currently no indication of active exploitation in the wild, but the ease of exploitation and the critical severity warrant immediate attention. No KEV listing is present as of this writing. Public proof-of-concept code is likely to emerge given the vulnerability's nature.
Exploit Status
EPSS
0.07% (20th percentile)
The primary mitigation is to upgrade praisonaiagents to version 1.5.140 or later. If upgrading is not immediately feasible, consider isolating the praisonaiagents server from external network access to prevent unauthorized connections. Implement strict network segmentation to limit the potential impact of a successful attack. While a WAF or proxy cannot directly address the missing Origin header validation, it can be configured to block suspicious websocket traffic patterns. After upgrading, confirm the fix by attempting to connect to the /ws endpoint from a remote machine without providing an Origin header; the connection should be rejected.
Update PraisonAI to version 4.5.139 or higher, and praisonaiagents to version 1.5.140 or higher. These versions implement more robust authentication validation and origin verification for the /ws WebSocket endpoint, mitigating the risk of session hijacking.
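One way to implement the Origin check the fix describes, as an added example in Python that is not the project's own code: a handshake-time allowlist comparison that canonicalises the Origin value and rejects a missing header, the literal "null", lookalike hosts, and values carrying a path or userinfo. The allowlist contents and function names are assumptions.

```python
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Constructed allowlist for illustration; the real bridge's configuration,
# hostnames and ports are not given in the advisory.
ALLOWED_ORIGINS: Set[str] = {"http://localhost:8000", "http://127.0.0.1:8000"}

_DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin: str) -> Optional[str]:
    """Canonicalise a serialised origin to 'scheme://host:port'.

    Returns None for anything that is not a bare http(s) origin: the literal
    'null', a value with a path, query, fragment or userinfo, or a port that
    does not parse. Scheme and host are lower-cased; default ports are made
    explicit so 'https://h' and 'https://h:443' compare equal.
    """
    parts = urlsplit(origin.strip())
    if parts.scheme not in _DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    try:
        port = parts.port if parts.port is not None else _DEFAULT_PORTS[parts.scheme]
    except ValueError:  # e.g. 'http://localhost:abc'
        return None
    return f"{parts.scheme}://{parts.hostname}:{port}"


def origin_allowed(headers: Dict[str, str], allowed: Set[str] = ALLOWED_ORIGINS) -> bool:
    """Decide whether a WebSocket upgrade request may proceed.

    A missing Origin header is rejected outright, matching the post-fix
    behaviour the advisory says to verify (a connection to /ws with no
    Origin is refused). Browsers always send Origin on WebSocket handshakes,
    so only non-browser or forged clients arrive without one.
    """
    origin = next((v for k, v in headers.items() if k.lower() == "origin"), None)
    if origin is None:
        return False
    canonical = normalize_origin(origin)
    if canonical is None:
        return False
    return canonical in {normalize_origin(a) for a in allowed}
```

The check belongs in the HTTP upgrade handler before the socket is accepted; a failed check should answer 403 and never reach the message dispatcher.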
CVE-2026-40289 is a critical remote code execution vulnerability in praisonaiagents versions up to 1.5.99, allowing attackers to hijack browser automation sessions without credentials.
Yes, if you are running praisonaiagents version 1.5.99 or earlier, you are vulnerable to this attack. Upgrade to 1.5.140 immediately.
Upgrade praisonaiagents to version 1.5.140 or later. If upgrading is not possible, isolate the server and implement network segmentation.
There is currently no confirmed active exploitation, but the vulnerability's severity and ease of exploitation suggest it is a high-priority risk.
Refer to the praisonaiagents project's official security advisories and release notes for details and updates.