CVE-2026-56076
Received - Intake
Cross-Origin Agent Execution in PraisonAI

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: VulnCheck

Description
PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes the Access-Control-Allow-Origin: * header. Combined with Starlette's Content-Type-agnostic JSON parsing, this lets attackers bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses, including tool execution results and environment data.
Meta Information
Published: 2026-06-18
Last Modified: 2026-06-18
Generated: 2026-06-19
AI Q&A: 2026-06-19
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: praisonai
Product: praisonai
Version / Range: to 1.5.128 (exc)
CWE ID: CWE-942
Description: The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
Executive Summary

PraisonAI before version 1.5.128 has a vulnerability in its AGUI endpoint that allows remote attackers to execute arbitrary agents. This happens because the POST /agui endpoint does not require authentication and uses a hardcoded Access-Control-Allow-Origin: * header. Additionally, the system uses Starlette's JSON parsing, which does not depend on the Content-Type header, enabling attackers to bypass CORS preflight checks with simple requests.

As a result, attackers can exfiltrate sensitive information such as tool execution results and environment data from the agent responses.
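
The request gate below is an added example, not PraisonAI's code or its actual fix. It shows why a text/plain POST reaches such an endpoint with no preflight, and how a strict Content-Type check, an origin allow-list and a token close the three gaps named above. ALLOWED_ORIGINS, API_TOKEN, the function names and the sample requests are assumptions constructed for illustration.

```python
import hmac

# Content types a browser will send cross-origin without a CORS preflight.
SIMPLE_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}
# Request headers a page may set without triggering a preflight.
SAFELISTED = {"accept", "accept-language", "content-language", "content-type"}
# Headers the browser itself attaches; page script cannot set them.
BROWSER_SET = {"origin", "host", "referer", "user-agent", "content-length", "cookie"}

ALLOWED_ORIGINS = {"https://console.example.test"}  # assumption: the trusted UI origin
API_TOKEN = "constructed-demo-token"                # assumption: load from a secret store

def media_type(headers):
    """Media type without parameters; header names are assumed lowercased."""
    return headers.get("content-type", "").split(";", 1)[0].strip().lower()

def skips_preflight(method, headers):
    """True if a browser sends this cross-origin request with no OPTIONS preflight."""
    if method.upper() not in {"GET", "HEAD", "POST"}:
        return False
    if set(headers) - SAFELISTED - BROWSER_SET:
        return False  # e.g. Authorization forces a preflight
    return media_type(headers) in SIMPLE_TYPES | {""}

def check_request(method, headers):
    """Return (status, cors_headers) for a POST to a JSON-only agent endpoint."""
    if method.upper() != "POST":
        return 405, {}
    if media_type(headers) != "application/json":
        return 415, {}  # refuse before parsing the body or running an agent
    origin = headers.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return 403, {}
    supplied = headers.get("authorization", "")
    if not hmac.compare_digest(supplied.encode(), f"Bearer {API_TOKEN}".encode()):
        return 401, {}
    # Echo only an allow-listed origin, never "*".
    cors = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"} if origin else {}
    return 200, cors

# Constructed sample requests (not captured traffic).
CROSS_SITE = {"origin": "https://other.example.test", "content-type": "text/plain"}
TRUSTED = {"origin": "https://console.example.test", "content-type": "application/json",
           "authorization": "Bearer constructed-demo-token"}
```

Requiring application/json together with an Authorization header means any cross-origin caller must pass a preflight, which a server that answers OPTIONS only for allow-listed origins will refuse.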

Impact Analysis

This vulnerability can allow remote attackers to execute arbitrary agents on the affected system without authentication, potentially leading to unauthorized actions.

Attackers can also steal sensitive information including the results of tool executions and environment data, which could compromise system integrity and confidentiality.
