Is this vulnerability remotely exploitable over the internet?

It can be, but only if the PraisonAI browser bridge is exposed beyond trusted networks. If the `/ws` endpoint is bound to `0.0.0.0` and reachable from the internet without an upstream access control layer, an external attacker could connect and hijack sessions. In more locked-down environments, the risk is limited to whoever has network access to the host or internal segment where the bridge runs.

Does an attacker need valid credentials or a browser to exploit this?

No credentials are required. The attack can be performed by any WebSocket-capable client library as long as it can reach the bridge endpoint. Because the server only checks the Origin header when present, a non-browser client that omits Origin is accepted without authentication, enabling unauthenticated control.

What is the safest general fix pattern for developers?

The most robust pattern is to treat the WebSocket bridge as a privileged API and require explicit, verifiable authentication and authorization on every connection. This typically means integrating the WebSocket handshake with the same auth mechanisms used for HTTP (tokens, sessions, or mutual TLS) and enforcing that only authenticated, authorized principals can start or attach to browser sessions. Origin checks should be retained as an additional layer, not a primary control.

Severity:

CRITICAL RISK

(9.1)

Missing Authentication for WebSocket Browser Bridge (CWE-306) in PraisonAI Multi-Agent Browser Sessions

CVE-2026-40289

Published:

Apr 13, 2026

Status:

Analyzed

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-74;CWE-89

HIGH RISK

HIGH

(7.3)

SQL Injection via Unsanitized ID Parameter (CWE-89) in Pharmacy Sales and Inventory System /ajax.php

Database Compromise and Data Integrity Loss

April 27, 2026

CWE-863

HIGH RISK

HIGH

(8.5)

Incorrect Authorization (CWE-863) in OpenClaw chat.send Session Management

Privilege Escalation and Unauthorized Session Control

April 27, 2026

Vulnerability Type

Category:

Missing Authentication / Broken Session Enforcement

CWE:

CWE-306

Impact:

Unauthenticated Remote Session Hijacking and Unauthorized Browser Automation Control

Severity:

CRITICAL RISK

(9.1)

CVSS Version:

3.1

Vulnerability Type

Category:

Missing Authentication / Broken Session Enforcement

CWE:

CWE-306

Impact:

Unauthenticated Remote Session Hijacking and Unauthorized Browser Automation Control

Severity:

CRITICAL RISK

(9.1)

CVSS Version:

3.1

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Missing Authentication for WebSocket Browser Bridge (CWE-306) in PraisonAI Multi-Agent Browser Sessions

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

HIGH RISK

HIGH

(7.3)

SQL Injection via Unsanitized ID Parameter (CWE-89) in Pharmacy Sales and Inventory System /ajax.php

HIGH RISK

HIGH

(8.5)

Incorrect Authorization (CWE-863) in OpenClaw chat.send Session Management

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare