PT-2026-32594 · Unknown+1 · Praisonaiagents+1 · R1Zzg0D
Published 2026-04-10 · Updated 2026-04-15

CVE-2026-40289
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
PraisonAI versions prior to 4.5.139; praisonaiagents versions prior to 1.5.140

Description
The browser bridge is susceptible to unauthenticated remote session hijacking. The cause is a lack of authentication combined with a bypassable origin check on the '/ws' WebSocket endpoint. The server binds to 0.0.0.0 by default and validates the Origin header only when one is supplied, so non-browser clients that omit the header can connect without restriction. An attacker who reaches the endpoint can send a "start session" message, which the server routes to the first idle browser-extension WebSocket, hijacking that session. The attacker then receives all resulting automation actions and outputs, leading to unauthorized remote control of connected browser automation sessions, leakage of sensitive page context, and misuse of model-backed browser actions wherever the bridge is network-reachable.

Recommendations
Update PraisonAI to version 4.5.139 or later. Update praisonaiagents to version 1.5.140 or later.
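The two handshake checks below are an added illustration of the weakness class the description names, not code from PraisonAI or praisonaiagents. The first function reproduces the pattern "validate Origin only when present"; the second shows the hardened form a maintainer would want on a bridge endpoint like '/ws': an Origin that must be present and on an allow-list, plus a shared secret compared in constant time, with the default listen address kept on loopback. All header values, origins and the token are constructed sample data; the function and constant names are hypothetical.

```python
import hmac
import ipaddress
from typing import FrozenSet, Mapping, Optional, Tuple

# Constructed sample handshake headers (lowercase keys, as most frameworks
# normalise them). None of these values come from the affected project.
BROWSER_HANDSHAKE = {
    "origin": "chrome-extension://hypotheticalextensionid",
    "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
}
HEADERLESS_HANDSHAKE = {  # a non-browser client that simply omits Origin
    "sec-websocket-key": "dGhlIHNhbXBsZSBub25jZQ==",
}
AUTHED_HANDSHAKE = {
    "origin": "chrome-extension://hypotheticalextensionid",
    "authorization": "Bearer constructed-bridge-token",
}

ALLOWED_ORIGINS: FrozenSet[str] = frozenset({"chrome-extension://hypotheticalextensionid"})
# Constructed; a real bridge would generate this at startup or read it from config.
BRIDGE_TOKEN = "constructed-bridge-token"


def weak_origin_check(headers: Mapping[str, str], allowed: FrozenSet[str]) -> bool:
    """The pattern the advisory describes: Origin is validated only if present.

    A client that never sends the header is treated as trusted, so the check
    only ever constrains browsers, which always send Origin.
    """
    origin = headers.get("origin")
    if origin is None:
        return True  # the bypass: absent header is accepted
    return origin in allowed


def hardened_check(headers: Mapping[str, str], allowed: FrozenSet[str],
                   token: str) -> Tuple[bool, str]:
    """Require both a known Origin and a valid shared secret.

    Returns (accepted, reason) so the rejection reason can be logged; every
    rejection path returns the same shape to keep the caller simple.
    """
    origin = headers.get("origin")
    if origin is None:
        return False, "missing Origin header"
    if origin not in allowed:
        return False, "origin not allowed: " + origin
    scheme, _, presented = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False, "missing bearer token"
    # Constant-time comparison so token guesses cannot be timed.
    if not hmac.compare_digest(presented.encode(), token.encode()):
        return False, "bad token"
    return True, "ok"


def bind_address(configured: Optional[str]) -> Tuple[str, bool]:
    """Resolve the listen address; default to loopback rather than 0.0.0.0.

    Returns (address, exposed) where exposed is True when the chosen address
    listens on every interface, so the caller can refuse or log it.
    """
    if configured is None:
        return "127.0.0.1", False
    exposed = ipaddress.ip_address(configured).is_unspecified
    return configured, exposed


if __name__ == "__main__":
    print("weak, no Origin   :", weak_origin_check(HEADERLESS_HANDSHAKE, ALLOWED_ORIGINS))
    print("hardened, no Origin:", hardened_check(HEADERLESS_HANDSHAKE, ALLOWED_ORIGINS, BRIDGE_TOKEN))
    print("hardened, authed  :", hardened_check(AUTHED_HANDSHAKE, ALLOWED_ORIGINS, BRIDGE_TOKEN))
    print("default bind      :", bind_address(None))
```

The point of pairing the two checks is that an Origin allow-list only ever restricts browsers; anything that can open a raw WebSocket chooses whether to send the header at all, so Origin must be treated as one input to an authentication decision, never as the decision itself.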

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2026-40289
GHSA-8X8F-54WF-VV92

Affected Products

Praisonai
Praisonaiagents