What happened
CVE-2026-56076 is an unauthenticated cross-origin agent execution vulnerability. The /agui POST endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: *, allowing attacker-controlled webpages to trigger agent execution via cross-origin requests.
Why it matters
A malicious website can trigger arbitrary agent execution on any visitor's running PraisonAI instance, leading to code execution, data exfiltration, or lateral movement into connected systems.
Attack vector
The POST /agui endpoint in PraisonAI lacks authentication and hardcodes Access-Control-Allow-Origin: *. Attacker crafts a malicious webpage that issues cross-origin requests to /agui, triggering arbitrary agent execution. Starlette content-negotiation allows attacker to control request processing.
Affected systems
PraisonAI < 1.5.128
Mitigation
Upgrade to PraisonAI 1.5.128 or later. Require authentication on /agui endpoint. Remove or restrict CORS headers.