CVE-2026-56076
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk39th percentile - higher than 39% of all known CVEs
Summary
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, enabling attackers to bypass CORS preflight checks.
Risk Assessment
Attackers can access sensitive agent responses, including tool execution results and environment data, potentially leading to the exposure of confidential information within the organization.
Recommendation
It is recommended to update PraisonAI to version 1.5.128 or later and implement appropriate authentication mechanisms in the AGUI endpoint.
Original NVD description (English source)
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette's Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data.

