CVE-2026-40289

EUVD-2026-22211 | CRITICAL
2026-04-14 | GitHub_M | GHSA-8x8f-54wf-vv92
CVSS 3.1 base score: 9.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

Apr 17, 2026 - 15:37 vuln.today: Re-analysis Queued (cvss_changed)
Apr 14, 2026 - 04:10 vuln.today: Analysis Generated

Description (NVD)

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket endpoint. The server binds to 0.0.0.0 by default and only validates the Origin header when one is present, meaning any non-browser client that omits the header is accepted without restriction. An unauthenticated network attacker can connect, send a start_session message, and the server will route it to the first idle browser-extension WebSocket (effectively hijacking that session) and then broadcast all resulting automation actions and outputs back to the attacker. This enables unauthorized remote control of connected browser automation sessions, leakage of sensitive page context and automation results, and misuse of model-backed browser actions in any environment where the bridge is network-reachable. This issue has been fixed in versions 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents.
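The handshake pattern the description faults, modelled as an added example (this is illustration code, not PraisonAI's own implementation; every function name, the extension origin, the bearer token and the header dictionaries are constructed assumptions, and header names are assumed already lower-cased by the server). The vulnerable check only rejects a client whose Origin header is present and wrong, so a scripted client that sends no Origin at all passes and gets handed the first idle extension; the hardened check fails closed and additionally requires a per-bridge bearer token, because Origin alone can be forged by any non-browser client.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Constructed values: a real deployment would pin its own extension ID and load
# the token from configuration rather than a literal.
ALLOWED_ORIGINS = {"chrome-extension://abcdefghijklmnopabcdefghijklmnop"}
BRIDGE_TOKEN = "constructed-shared-secret"


def origin_check_vulnerable(headers: Dict[str, str]) -> bool:
    """The pattern the advisory describes: Origin is validated only when present.

    Browsers always send Origin on a WebSocket upgrade, but curl, websocat or any
    scripted client can omit it, so the check gates only the clients that were
    never the threat.
    """
    origin = headers.get("origin")
    if origin is None:
        return True  # the bug: a missing header is treated as trusted
    return origin in ALLOWED_ORIGINS


def handshake_hardened(headers: Dict[str, str]) -> bool:
    """Fail closed: require an allow-listed Origin AND a per-bridge bearer token.

    Origin is only an anti-CSRF signal (a non-browser client can forge it), so it
    must never be the sole gate; the token is what actually authenticates.
    """
    origin = headers.get("origin")
    if origin is None or origin not in ALLOWED_ORIGINS:
        return False
    scheme, _, token = headers.get("authorization", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token, BRIDGE_TOKEN)


def bind_is_loopback(host: str) -> bool:
    """0.0.0.0 (the default the advisory names) exposes the bridge on every interface."""
    return host in {"127.0.0.1", "::1", "localhost"}


@dataclass
class Bridge:
    """Routing model from the advisory (hypothetical): a start_session from any
    accepted client is handed to the first idle browser-extension socket."""
    check: Callable[[Dict[str, str]], bool]
    idle_extensions: List[str] = field(default_factory=list)

    def connect_extension(self, name: str, headers: Dict[str, str]) -> bool:
        if not self.check(headers):
            return False
        self.idle_extensions.append(name)
        return True

    def start_session(self, headers: Dict[str, str]) -> Optional[str]:
        """Returns the extension that will execute this client's commands, if any."""
        if not self.check(headers) or not self.idle_extensions:
            return None
        return self.idle_extensions.pop(0)


# Constructed handshakes for three clients.
EXTENSION_HEADERS = {"origin": "chrome-extension://abcdefghijklmnopabcdefghijklmnop",
                     "authorization": "Bearer " + BRIDGE_TOKEN}
ATTACKER_NO_ORIGIN = {"user-agent": "websocat/1.0"}  # scripted client, no Origin at all
ATTACKER_FORGED_ORIGIN = {"origin": "chrome-extension://abcdefghijklmnopabcdefghijklmnop"}  # spoofed Origin, no token


def run_scenario(check: Callable[[Dict[str, str]], bool]) -> Dict[str, object]:
    """Two extensions idle on the bridge; two attackers then try to start sessions."""
    bridge = Bridge(check)
    for name in ("ext-1", "ext-2"):
        bridge.connect_extension(name, EXTENSION_HEADERS)
    return {
        "no_origin": bridge.start_session(ATTACKER_NO_ORIGIN),
        "forged_origin": bridge.start_session(ATTACKER_FORGED_ORIGIN),
        "idle_left": len(bridge.idle_extensions),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenario(origin_check_vulnerable))  # both extensions hijacked
    print("hardened:  ", run_scenario(handshake_hardened))        # both attackers refused
```

Under the vulnerable policy both attackers walk away with an extension socket (the forged-Origin case shows why Origin checking alone, even when made mandatory, is not authentication); under the hardened policy both are refused and the two extensions stay idle. The loopback check is the deployment-side complement: a bridge that is never reachable off-host cannot be hijacked from the network even if its handshake is weak.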

Analysis (AI)

Unauthenticated remote session hijacking in PraisonAI's browser bridge (versions <4.5.139) and praisonaiagents (<1.5.140) allows network attackers to control browser automation sessions without authentication. The /ws WebSocket endpoint accepts connections from any client omitting the Origin header, enabling attackers to send start_session commands that hijack idle browser-extension sessions and receive all automation outputs. …


Remediation (AI)

Within 24 hours: Identify all systems running PraisonAI browser bridge <4.5.139 or praisonaiagents <1.5.140 and isolate them from untrusted networks (network segmentation or temporary firewall rules that block external access to the bridge's /ws WebSocket endpoint; if the deployment allows it, restrict the listener to loopback instead of the default 0.0.0.0). Within 7 days: Upgrade to PraisonAI 4.5.139+ and praisonaiagents 1.5.140+, which the advisory lists as the fixed versions, then confirm that an unauthenticated client omitting the Origin header can no longer start a session on the bridge. …
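The first remediation step is an inventory of installed versions against the two fixed versions. The audit below is an added example, not vuln.today's or PraisonAI's code; it reads package metadata from the interpreter it runs in (so it must be run inside each virtual environment or container that hosts the bridge), and the package names and fixed versions are the ones the advisory states.

```python
from importlib.metadata import PackageNotFoundError, version
from itertools import takewhile
from typing import Dict, Optional, Tuple

# Fixed versions and PyPI package names as stated in the advisory.
FIXED = {"praisonai": "4.5.139", "praisonaiagents": "1.5.140"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted version to a comparable tuple. A non-numeric suffix on any
    component (e.g. '4.5.139rc1') marks a pre-release, which is ranked below
    the bare version so it still counts as affected."""
    parts = []
    prerelease = False
    for piece in v.split("."):
        num = "".join(takewhile(str.isdigit, piece))
        parts.append(int(num) if num else 0)
        if num != piece:
            prerelease = True
    return tuple(parts) + ((-1,) if prerelease else (0,))


def is_affected(installed: str, fixed: str) -> bool:
    return parse_version(installed) < parse_version(fixed)


def audit(installed: Dict[str, Optional[str]]) -> Dict[str, bool]:
    """True for each advisory package whose installed version is below the fix.
    A package that is not installed (None) is reported as not affected."""
    result = {}
    for pkg, fixed in FIXED.items():
        ver = installed.get(pkg)
        result[pkg] = ver is not None and is_affected(ver, fixed)
    return result


def installed_versions() -> Dict[str, Optional[str]]:
    """Versions from the current interpreter's package metadata."""
    found: Dict[str, Optional[str]] = {}
    for pkg in FIXED:
        try:
            found[pkg] = version(pkg)
        except PackageNotFoundError:
            found[pkg] = None
    return found


if __name__ == "__main__":
    for pkg, affected in audit(installed_versions()).items():
        status = "AFFECTED, upgrade to >= " + FIXED[pkg] if affected else "ok"
        print(f"{pkg}: {status}")
```

Run it with the same interpreter that launches `praisonai browser start`; a clean result from a different environment says nothing about the one actually serving the bridge.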


CVE-2026-40289 vulnerability details – vuln.today
