PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Briefly

"“PraisonAI ships a legacy Flask API server with authentication disabled by default,” according to an advisory released by the maintainers earlier this month. “When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token.”"

"Specifically, the legacy Flask-based API server, src/praisonai/api_server.py, hard-codes AUTH_ENABLED = False and AUTH_TOKEN = None. According to PraisonAI, successful exploitation of the flaw can have varied impacts, including - Unauthenticated enumeration of the configured agent file through /agents; Unauthenticated triggering of the locally configured “agents.yaml” workflow through /chat; Repeated consumption of the model/API quota; Exposure of the results of PraisonAI.run() to the unauthenticated caller."

"“The impact therefore, depends on what the operator's agents.yaml is allowed to do, but the authentication bypass is unconditional in the shipped legacy server,” PraisonAI said. The vulnerability affects all versions of the Python package from 2.5.6 through 4.6.33. It has been patched in version 4.6.34."

"In a report published by Sysdig this week, the cloud security company said it observed attempts to exploit the flaw within hours of it becoming public knowledge. “Within three hours and 44 minutes of the advisory becoming public, a scanner identifying itself”"