Product
PraisonAI Browser Server is vulnerable to unauthenticated WebSocket client hijacking due to exposing the browser bridge on 0.0.0.0 by default and accepting WebSocket clients that omit the Origin header, allowing unauthorized remote use of a connected browser automation session.