PatchSiren cyber security CVE debrief
CVE-2026-56076 PraisonAI CVE debrief
CVE-2026-56076 is a high-severity vulnerability in PraisonAI, a tool with an unknown vendor, that allows remote attackers to execute arbitrary agent actions. This is possible because the AGUI endpoint lacks authentication and has hardcoded wildcard CORS headers. Specifically, the POST /agui endpoint does not require authentication and includes 'Access-Control-Allow-Origin: *' headers. When combined with Starlette's Content-Type-agnostic JSON parsing, this enables attackers to bypass CORS preflight checks using simple requests. Successful exploitation can lead to the exfiltration of sensitive agent responses, including tool execution results and environment data. The vulnerability has a CVSS score of 8.6 and is considered HIGH severity. Organizations using PraisonAI versions before 1.5.128 should take immediate action to mitigate this risk.
- Vendor
- PraisonAI
- Product
- Unknown
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-18
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-18
- Advisory updated
- 2026-06-22
Who should care
Security teams and administrators responsible for PraisonAI installations, particularly those using versions before 1.5.128, should be aware of this vulnerability. Given the high severity and potential for sensitive data exposure, immediate attention is required to prevent exploitation.
Technical summary
The vulnerability exists in the AGUI endpoint of PraisonAI, specifically in the POST /agui endpoint. This endpoint lacks authentication mechanisms, allowing unauthorized access. Furthermore, the endpoint is configured with 'Access-Control-Allow-Origin: *' headers, which, in conjunction with Starlette's flexible JSON parsing, enables cross-origin requests to bypass standard CORS preflight checks. This allows attackers to execute arbitrary agent actions and exfiltrate sensitive information, including execution results and environment data.
Defensive priority
High
Recommended defensive actions
- Upgrade PraisonAI to version 1.5.128 or later to patch the vulnerability.
- Implement proper authentication mechanisms for the AGUI endpoint.
- Restrict CORS headers to only allow trusted origins.
- Monitor AGUI endpoint activity for suspicious requests.
- Limit the exposure of sensitive agent responses.
- Conduct regular security audits to identify similar vulnerabilities.
Evidence notes
The information provided is based on data from the National Vulnerability Database (NVD) and Vulncheck. The CVE record and NVD detail pages offer comprehensive information about the vulnerability, including its CVSS score, vector, and references.
Official resources
CVE-2026-56076 was published and modified on 2026-06-18T23:16:19.490Z.