What is CVE-2026-40289 — RCE in praisonaiagents?

CVE-2026-40289 is a critical remote code execution vulnerability in praisonaiagents versions up to 1.5.99, allowing attackers to hijack browser automation sessions without credentials.

Am I affected by CVE-2026-40289 in praisonaiagents?

Yes, if you are running praisonaiagents version 1.5.99 or earlier, you are vulnerable to this attack. Upgrade to 1.5.140 immediately.

How do I fix CVE-2026-40289 in praisonaiagents?

Upgrade praisonaiagents to version 1.5.140 or later. If upgrading is not possible, isolate the server and implement network segmentation.

Is CVE-2026-40289 being actively exploited?

There is currently no confirmed active exploitation, but the vulnerability's severity and ease of exploitation suggest it is a high-priority risk.

Where can I find the official praisonaiagents advisory for CVE-2026-40289?

Refer to the praisonaiagents project's official security advisories and release notes for details and updates.

CVE-2026-40289 — Vulnerability Details

NEXTGUARD

Escanear gratis

CVE-2026-40289 — Vulnerability Details | NextGuard

Pasos de Deteccióntraduciendo…

• python / server:

  ps aux | grep praisonaiagents

• python / server:

  journalctl -u praisonaiagents --since "1 hour ago" | grep "websocket connection"

• generic web:

  curl -I http://<praisonaiagents_server>/ws

• generic web:

  grep -r "start_session" /etc/praisonaiagents/config.yaml

PraisonAI Browser Server permite a clientes WebSocket no autenticados secuestrar sesiones de extensión conectadas

Impacto y Escenarios de Ataquetraduciendo…

Contexto de Explotacióntraduciendo…

Quién Está en Riesgotraduciendo…

Pasos de Deteccióntraduciendo…

Cronología del Ataque

Inteligencia de Amenazas

Software Afectado

Clasificación de Debilidad (CWE)

Cronología

Mitigación y Workaroundstraduciendo…

Cómo corregirlo

Boletín de seguridad CVE

Preguntas frecuentestraduciendo…

What is CVE-2026-40289 — RCE in praisonaiagents?

Am I affected by CVE-2026-40289 in praisonaiagents?

How do I fix CVE-2026-40289 in praisonaiagents?

Is CVE-2026-40289 being actively exploited?

Where can I find the official praisonaiagents advisory for CVE-2026-40289?

¿Tu proyecto está afectado?

Detecta esta CVE en tu proyecto