PraisonAI Browser Bridge Critical Session Hijacking

The National Vulnerability Database (NVD) has published a critical advisory for PraisonAI and praisonaiagents, a multi-agent framework that ships a browser automation bridge. The vulnerability, tracked as CVE-2026-40289, allows unauthenticated remote session hijacking of that browser bridge and affects PraisonAI versions below 4.5.139 and praisonaiagents versions below 1.5.140. The root cause is a missing authentication mechanism combined with a bypassable origin check on the /ws WebSocket endpoint.

According to the NVD description, the bridge server (started with praisonai browser start) binds to 0.0.0.0 by default and validates the Origin header only when one is present. Browsers always send Origin on a WebSocket upgrade, so the check only ever constrains browser clients; any non-browser client that simply omits the header connects without restriction. Once connected, an unauthenticated network attacker can send a start_session message and claim the first idle browser-extension WebSocket, gaining remote control of that browser automation session. The impact includes exfiltration of sensitive page context and automation results, and misuse of model-backed browser actions, from any bridge reachable on the network. The weakness is classified as CWE-306 (Missing Authentication for Critical Function) and is fixed in the versions listed above; until a deployment is upgraded, the bridge should not be exposed beyond loopback.
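The bypass described above, modelled as an added example that is not code from PraisonAI or from the NVD entry. BridgeModel, EXTENSION_ORIGINS, the bearer-token Authorization header and the shape of the session table are assumptions chosen for illustration; the real bridge's internals are not reproduced here. The block shows the origin check as the advisory describes it beside a hardened handshake, and runs a constructed start_session exchange against both.

```python
"""Added example (not PraisonAI's own code): a minimal model of the /ws
handshake and start_session handling, with the bypassable origin check
beside a hardened version. BridgeModel, EXTENSION_ORIGINS, the Authorization
header and the session-table shape are assumptions for illustration only."""
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field

# Assumed allowlist of browser-extension origins the bridge is meant to serve.
EXTENSION_ORIGINS = {"chrome-extension://abcdefghijklmnopabcdefghijklmnop"}


def origin_ok_vulnerable(headers: dict) -> bool:
    """The pattern the advisory describes: Origin is checked only when present,
    so a non-browser client passes by simply not sending it."""
    origin = headers.get("origin")
    if origin is None:
        return True  # the bypass: an absent header is treated as trusted
    return origin in EXTENSION_ORIGINS


def origin_ok_fixed(headers: dict) -> bool:
    """Require Origin to be present and on the allowlist."""
    origin = headers.get("origin")
    return origin is not None and origin in EXTENSION_ORIGINS


def bind_is_loopback(host: str) -> bool:
    """0.0.0.0 exposes the bridge on every interface; loopback does not."""
    return ipaddress.ip_address(host).is_loopback


@dataclass
class BridgeModel:
    """Toy session table: idle extension sockets waiting for a start_session."""
    hardened: bool
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    idle_extensions: list = field(default_factory=list)
    sessions: dict = field(default_factory=dict)

    def register_extension(self, ext_id: str) -> None:
        self.idle_extensions.append(ext_id)

    def accept(self, headers: dict) -> bool:
        """Handshake on /ws: origin check, plus a bearer token when hardened."""
        headers = {k.lower(): v for k, v in headers.items()}
        if not self.hardened:
            return origin_ok_vulnerable(headers)
        if not origin_ok_fixed(headers):
            return False
        presented = headers.get("authorization", "").encode()
        expected = ("Bearer " + self.token).encode()
        return hmac.compare_digest(presented, expected)  # constant-time compare

    def handle(self, headers: dict, message: dict) -> dict:
        """start_session claims the first idle extension for the caller."""
        if not self.accept(headers):
            return {"error": "unauthorized"}
        if message.get("type") != "start_session":
            return {"error": "unknown message"}
        if not self.idle_extensions:
            return {"error": "no idle extension"}
        ext = self.idle_extensions.pop(0)
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = ext
        return {"session": session_id, "extension": ext}


def demo() -> tuple:
    """Constructed scenario: one idle extension, then an attacker with no Origin
    and no token sends start_session to a vulnerable and to a hardened bridge."""
    attacker_headers = {"Host": "bridge"}  # no Origin, no Authorization
    start = {"type": "start_session"}

    vuln = BridgeModel(hardened=False)
    vuln.register_extension("ext-1")
    hijacked = vuln.handle(attacker_headers, start)  # attacker owns the session

    fixed = BridgeModel(hardened=True)
    fixed.register_extension("ext-1")
    blocked = fixed.handle(attacker_headers, start)  # rejected at the handshake
    legit_headers = {
        "Origin": next(iter(EXTENSION_ORIGINS)),
        "Authorization": "Bearer " + fixed.token,
    }
    legit = fixed.handle(legit_headers, start)  # genuine client still works
    return hijacked, blocked, legit


if __name__ == "__main__":
    print(demo())
```

In the hardened path the attacker is rejected before start_session is even parsed, which is the CWE-306 fix: authenticate the critical function rather than gating only browser clients by Origin. Requiring a present Origin on its own would stop this particular omission trick but leaves any client able to forge a matching Origin header free to connect, so the token, together with listening on loopback rather than 0.0.0.0, is what actually closes the hole.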

Related ATT&CK Techniques


T1190 Exploit Public-Facing Application (Initial Access, high): Web Application Exploitation Attempt for CVE-2026-40289


Indicators of Compromise

ID | Type | Indicator
CVE-2026-40289 | Auth Bypass | PraisonAI versions below 4.5.139
CVE-2026-40289 | Auth Bypass | praisonaiagents versions below 1.5.140
CVE-2026-40289 | Remote Session Hijacking | PraisonAI browser bridge (praisonai browser start) missing authentication
CVE-2026-40289 | Remote Session Hijacking | PraisonAI browser bridge /ws WebSocket endpoint bypassable origin check
CVE-2026-40289 | Remote Session Hijacking | PraisonAI browser bridge binds to 0.0.0.0 by default, accepts connections without Origin header
