CVE-2026-40289: PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

April 10, 2026 (updated April 14, 2026)

praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send start_session, cause the server to forward start_automation to another connected browser-extension websocket, and receive the resulting action/status stream back over that hijacked session. This allows unauthorized remote use of a connected browser automation session without any credentials.

References

github.com/MervinPraison/PraisonAI
github.com/MervinPraison/PraisonAI/releases/tag/v4.5.139
github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8x8f-54wf-vv92
github.com/advisories/GHSA-8x8f-54wf-vv92
nvd.nist.gov/vuln/detail/CVE-2026-40289

Code Behaviors & Features

Detect and mitigate CVE-2026-40289 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →