CVE-2026-56076 | THREATINT

Description

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.

PUBLISHED Reserved 2026-06-18 | Published 2026-06-18 | Updated 2026-06-18 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Problem types

Permissive Cross-domain Security Policy with Untrusted Domains

Product status

Default status

unaffected

Any version before 1.5.128

affected

1.5.128 (semver)

unaffected

Credits

offset reporter

References

github.com/...isonAI/security/advisories/GHSA-x462-jjpc-q4q4 (GHSA Advisory GHSA-x462-jjpc-q4q4) vendor-advisory

www.vulncheck.com/...missing-authentication-on-agui-endpoint (VulnCheck Advisory: PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint) third-party-advisory

cve.org (CVE-2026-56076)

nvd.nist.gov (CVE-2026-56076)

Download JSON