Upgrade PraisonAI to version 4.5.125 or higher.
PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.
Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains in the POST /agui endpoint due to the absence of authentication and the use of a hardcoded Access-Control-Allow-Origin: * header. An attacker can execute arbitrary agent actions and exfiltrate sensitive data by luring a victim to visit a malicious website, which then sends crafted cross-origin requests to a locally running server.
Note: This is only exploitable if the AGUI server is running locally and the victim visits an attacker-controlled website.
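The two conditions named above (no authentication, wildcard Access-Control-Allow-Origin) are shown below next to a hardened decision for the POST request. This is an added example, not PraisonAI's code or the change shipped in 4.5.125; the function names, the allowed origin and the token are hypothetical, and preflight handling is left out.

```python
import hmac

# Assumed values for this sketch: the UI origin allowed to call the agent
# endpoint and a per-install secret. Neither comes from PraisonAI.
ALLOWED_ORIGINS = {"http://localhost:3000"}
API_TOKEN = "constructed-sample-token"


def vulnerable_policy(headers):
    """Pattern described in the advisory: no auth check, wildcard CORS header."""
    return 200, {"Access-Control-Allow-Origin": "*"}


def hardened_policy(headers, allowed=ALLOWED_ORIGINS, token=API_TOKEN):
    """Return (status, CORS response headers) for a POST to a local agent endpoint."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    # Browsers send Origin with cross-origin POSTs. Reject unknown origins
    # before any agent action runs, and never reflect them back.
    if origin is not None and origin not in allowed:
        return 403, {}
    # An Origin check does not cover non-browser clients, so also require a
    # bearer token and compare it in constant time.
    supplied = h.get("authorization", "")
    expected = "Bearer " + token
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, {}
    cors = {}
    if origin is not None:
        # Echo only the allowlisted origin; Vary keeps caches from mixing origins.
        cors = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return 200, cors


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    other_site = {"Origin": "https://attacker.example", "Content-Type": "application/json"}
    local_ui = {"Origin": "http://localhost:3000",
                "Authorization": "Bearer " + API_TOKEN}
    for name, req in (("other site", other_site), ("local UI", local_ui)):
        print(name, vulnerable_policy(req), hardened_policy(req))
```

Removing the wildcard header alone only stops other sites from reading the response; the server-side origin and token checks are what keep the request from being processed.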