CVE-2026-40289 | MervinPraison PraisonAI/praisonaiagents WebSocket Endpoint /ws missing authentication (GHSA-8x8f-54wf-vv92)

Inserito da Angelo Barbosa | Apr 14, 2026 | CVE

A vulnerability identified as critical has been detected in MervinPraison PraisonAI and praisonaiagents. This affects an unknown function of the file /ws of the component WebSocket Endpoint. The manipulation leads to missing authentication.

This vulnerability is listed as CVE-2026-40289. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.

CVE-2026-40289 | MervinPraison PraisonAI/praisonaiagents WebSocket Endpoint /ws missing authentication (GHSA-8x8f-54wf-vv92)

Post correlati

CVE-2022-43472 | StylemixThemes eRoom Plugin up to 1.4.6 on WordPress authorization

CVE-2025-8789 | Portabilis i-Educar up to 2.9.0 API Endpoint /module/Api/Diario authorization

CVE-2024-55655 | sigstore-python up to 3.5.x Integration Time missing cryptographic step (GHSA-hhfg-fwrw-87w7)

CVE-2025-23470 | X Villamuera Visit Site Link Enhanced Plugin up to 1.0 on WordPress cross-site request forgery