CVE-2026-40289 — CRITICAL (9.1)

Q: How severe is CVE-2026-40289?

CVE-2026-40289 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2026-40289?

Check the references section above for vendor advisories and patch information. Affected products include: Praison Praisonai, Praison Praisonaiagents.

Vulnerability Description

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket endpoint. The server binds to 0.0.0.0 by default and only validates the Origin header when one is present, meaning any non-browser client that omits the header is accepted without restriction. An unauthenticated network attacker can connect, send a start_session message, and the server will route it to the first idle browser-extension WebSocket (effectively hijacking that session) and then broadcast all resulting automation actions and outputs back to the attacker. This enables unauthorized remote control of connected browser automation sessions, leakage of sensitive page context and automation results, and misuse of model-backed browser actions in any environment where the bridge is network-reachable. This issue has been fixed in versions 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Praison	Praisonai	< 4.5.139
Praison	Praisonaiagents	< 1.5.140

Related Weaknesses (CWE)

CWE-306

References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8x8f-54wf-vvExploitVendor Advisory

FAQ

What is CVE-2026-40289?

CVE-2026-40289 is a vulnerability with a CVSS score of 9.1 (CRITICAL). PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote ses...

How severe is CVE-2026-40289?

CVE-2026-40289 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-40289?

Check the references section above for vendor advisories and patch information. Affected products include: Praison Praisonai, Praison Praisonaiagents.