GHSA-5fr5-2c3f-3fcrHighCVSS 8.1
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI...
🔗 CVE IDs covered (1)
📋 Description
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.
🔗 References (4)
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4
- https://nvd.nist.gov/vuln/detail/CVE-2026-56076
- https://www.vulncheck.com/advisories/praisonai-cross-origin-agent-execution-via-hardcoded-wildcard-cors-and-missing-authentication-on-agui-endpoint
- https://github.com/advisories/GHSA-5fr5-2c3f-3fcr