CVE-2026-40289: CWE-306: Missing Authentication for Critical Function in MervinPraison PraisonAI
CVE-2026-40289 is a critical vulnerability in MervinPraison's PraisonAI versions below 4. 5. 139 and praisonaiagents below 1. 5. 140. The vulnerability arises from missing authentication on the /ws WebSocket endpoint of the browser bridge component, combined with a bypassable origin check. This allows unauthenticated remote attackers to hijack active browser automation sessions, gaining unauthorized control and access to sensitive data. The issue has been fixed in versions 4. 5. 139 and 1.
AI Analysis
Technical Summary
PraisonAI's browser bridge binds to all network interfaces (0.0.0.0) and only validates the Origin header if present, allowing non-browser clients that omit this header to connect without authentication. An attacker can connect to the /ws WebSocket endpoint, send a start_session message, and hijack the first idle browser-extension WebSocket session. This leads to unauthorized remote control of browser automation sessions, exposure of sensitive page context and automation outputs, and misuse of model-backed browser actions. The vulnerability is identified as CWE-306 (Missing Authentication for Critical Function) and has a CVSS 3.1 score of 9.1 (critical).
Potential Impact
An unauthenticated network attacker can remotely hijack browser automation sessions, gaining unauthorized control and access to sensitive information processed by PraisonAI's browser bridge. This compromises confidentiality and integrity of automation actions and outputs. The vulnerability does not impact availability. Exploitation requires network reachability to the vulnerable service.
Mitigation Recommendations
This vulnerability is fixed in PraisonAI version 4.5.139 and praisonaiagents version 1.5.140. Users should upgrade to these or later versions to remediate the issue. Since the product is not a cloud service, remediation depends on applying these updates. Patch status is not explicitly stated beyond the fixed versions; verify with vendor advisories for the latest guidance.
CVE-2026-40289: CWE-306: Missing Authentication for Critical Function in MervinPraison PraisonAI
Description
CVE-2026-40289 is a critical vulnerability in MervinPraison's PraisonAI versions below 4. 5. 139 and praisonaiagents below 1. 5. 140. The vulnerability arises from missing authentication on the /ws WebSocket endpoint of the browser bridge component, combined with a bypassable origin check. This allows unauthenticated remote attackers to hijack active browser automation sessions, gaining unauthorized control and access to sensitive data. The issue has been fixed in versions 4. 5. 139 and 1.
CVSS v3.1
Score 9.1critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PraisonAI's browser bridge binds to all network interfaces (0.0.0.0) and only validates the Origin header if present, allowing non-browser clients that omit this header to connect without authentication. An attacker can connect to the /ws WebSocket endpoint, send a start_session message, and hijack the first idle browser-extension WebSocket session. This leads to unauthorized remote control of browser automation sessions, exposure of sensitive page context and automation outputs, and misuse of model-backed browser actions. The vulnerability is identified as CWE-306 (Missing Authentication for Critical Function) and has a CVSS 3.1 score of 9.1 (critical).
Potential Impact
An unauthenticated network attacker can remotely hijack browser automation sessions, gaining unauthorized control and access to sensitive information processed by PraisonAI's browser bridge. This compromises confidentiality and integrity of automation actions and outputs. The vulnerability does not impact availability. Exploitation requires network reachability to the vulnerable service.
Mitigation Recommendations
This vulnerability is fixed in PraisonAI version 4.5.139 and praisonaiagents version 1.5.140. Users should upgrade to these or later versions to remediate the issue. Since the product is not a cloud service, remediation depends on applying these updates. Patch status is not explicitly stated beyond the fixed versions; verify with vendor advisories for the latest guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-10T20:22:44.035Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ddbc3182d89c981fc24dd2
Added to database: 4/14/2026, 4:01:53 AM
Last enriched: 4/21/2026, 6:09:28 AM
Last updated: 5/28/2026, 12:43:34 PM
Views: 127
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.