EUVD-2026-37960

PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: headers, combined with Starlette's...

CVE-2026-56076

PrajionAI CVE-2026-56076 affects PraisonAI before 1.5.128. The vulnerability is a cross-origin agent execution via the AGUI endpoint (/agui): the endpoint lacks authentication and returns a wildcard CORS header (Access-Control-Allow-Origin: *). Combined with Starlette’s Content-Type-agnostic JSON...

Permissive Cross-domain Policy with Untrusted Domains

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint

Summary The AGUI endpoint POST /agui has no authentication and hardcodes Access-Control-Allow-Origin: on all responses. Combined with Starlette/FastAPI's Content-Type-agnostic JSON parsing, any website a victim visits can silently trigger arbitrary agent execution against a locally-running AGUI...