CVE-2026-56076
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
18/06/2026
Last modified:
22/06/2026
Description
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.
Impact
Base Score 4.0
8.60
Severity 4.0
HIGH
Base Score 3.x
8.10
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4
- https://www.vulncheck.com/advisories/praisonai-cross-origin-agent-execution-via-hardcoded-wildcard-cors-and-missing-authentication-on-agui-endpoint
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4



