CVE-2026-56076

Summary

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.

Affected Software

VendorProductVersion RangeStatus
PraisonAIPraisonAI0 < 1.5.128affected
PraisonAIPraisonAI1.5.128unaffected

Weaknesses

  • CWE-942: Permissive Cross-domain Security Policy with Untrusted Domains

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References