Authentication Bypass in PraisonAI Legacy API Server Exploited Within Hours
Summary
Within roughly four hours of public disclosure, threat actors began exploiting CVE-2026-44338, an authentication bypass in PraisonAI’s legacy Flask API server, to reach sensitive endpoints without credentials. The flaw, which affects versions 2.5.6 through 4.6.33, stems from authentication being hard-coded off by default (AUTH_ENABLED = False) and allows unauthenticated enumeration of the configured agents via /agents and execution of agents.yaml workflows via /chat. Impact depends on what the configured workflow is permitted to do, but at minimum includes API/model quota exhaustion and exposure of PraisonAI.run() results. A patched release (4.6.34) is available. Exploitation activity was observed from IP 146.190.133[.]49 using the User-Agent CVE-Detector/1.0.
Timeline
- 14.05.2026 14:40 · 1 article
Exploitation of PraisonAI Authentication Bypass Within Hours of Disclosure
Threat actors exploited CVE-2026-44338 within approximately four hours of public disclosure. Automated scanning from 146.190.133[.]49, using the User-Agent CVE-Detector/1.0, probed exposed /agents endpoints and received responses confirming unauthenticated access, which validated the bypass. No POST requests to /chat were observed during the initial scans.
- PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure — thehackernews.com — 14.05.2026 14:40
Information Snippets
- CVE-2026-44338 (CVSS 7.3) is an authentication bypass in PraisonAI’s legacy Flask API server, caused by AUTH_ENABLED = False and AUTH_TOKEN = None being the defaults in src/praisonai/api_server.py.
First reported: 14.05.2026 14:40 (1 source, 1 article)
- The vulnerability affects PraisonAI Python package versions 2.5.6 through 4.6.33; it is patched in version 4.6.34.
First reported: 14.05.2026 14:40 (1 source, 1 article)
- Exploitation enables unauthenticated GET /agents requests to enumerate the agents.yaml configuration and POST /chat requests to trigger the configured workflows, potentially consuming API/model quotas and exposing PraisonAI.run() results.
First reported: 14.05.2026 14:40 (1 source, 1 article)
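The default described in the first snippet (AUTH_ENABLED = False, AUTH_TOKEN = None) and the two endpoints named in the snippet above, modelled side by side. This is an added illustration and not code from PraisonAI's api_server.py: it reproduces only the shape of the flaw, a module-level flag that is off by default in front of /agents and /chat, and puts a fail-closed gate next to it. The request representation (path plus header dict), the function names and the PRAISONAI_API_TOKEN environment variable are assumptions for illustration; the actual remediation is the 4.6.34 upgrade.

```python
"""Auth gate sketch: the weak default beside a fail-closed version.

Added example (not PraisonAI's code). It models the flaw's shape from the
snippets above: a module-level AUTH_ENABLED / AUTH_TOKEN pair that defaults
to "off", in front of the /agents and /chat endpoints named in the advisory.
The request representation (path + header dict), the function names and the
PRAISONAI_API_TOKEN environment variable are assumptions for illustration.
"""
import hmac
import os
from dataclasses import dataclass
from typing import Mapping, Optional

PROTECTED_PATHS = {"/agents", "/chat"}   # endpoints named in the advisory


# --- weak form: mirrors the described defaults in the affected releases ------
AUTH_ENABLED = False   # hard-coded off: the gate below never runs
AUTH_TOKEN = None      # nothing to compare against even if it did


def legacy_allowed(path: str, headers: Mapping[str, str]) -> bool:
    """A gate that is only consulted when AUTH_ENABLED is True.

    With the shipped defaults every request, credentials or not, is let
    through to /agents and /chat.
    """
    if not AUTH_ENABLED:
        return True
    presented = headers.get("Authorization", "")
    return AUTH_TOKEN is not None and presented == f"Bearer {AUTH_TOKEN}"


# --- hardened form: fail closed, secret from the environment, constant-time --
@dataclass(frozen=True)
class AuthConfig:
    token: Optional[str]

    @classmethod
    def from_env(cls, env: Mapping[str, str] = os.environ) -> "AuthConfig":
        # Hypothetical variable name; an empty value counts as "not configured".
        return cls(token=env.get("PRAISONAI_API_TOKEN") or None)


def hardened_allowed(path: str, headers: Mapping[str, str], cfg: AuthConfig) -> bool:
    """Deny protected paths unless a bearer token matches the configured one."""
    if path not in PROTECTED_PATHS:
        return True
    if not cfg.token:
        # No token configured means no access, not open access.
        return False
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not value:
        return False
    # compare_digest avoids leaking the token length/prefix via timing.
    return hmac.compare_digest(value.encode(), cfg.token.encode())


def compare_gates(path: str, headers: Mapping[str, str], cfg: AuthConfig) -> dict:
    """Side-by-side verdict for one request, handy for a quick self-check."""
    return {
        "path": path,
        "legacy": legacy_allowed(path, headers),
        "hardened": hardened_allowed(path, headers, cfg),
    }


if __name__ == "__main__":
    unconfigured = AuthConfig(token=None)
    for p in ("/agents", "/chat", "/health"):
        print(compare_gates(p, {}, unconfigured))
```

The difference that matters is the unconfigured case: the legacy shape answers "allowed" for every request because the flag short-circuits the check, while the hardened gate answers "denied" for /agents and /chat until an operator has actually set a token. If you run a legacy instance you cannot upgrade immediately, the same fail-closed check can be enforced in front of it by a reverse proxy rather than in the application.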
- Security researcher Shmulik Cohen discovered and reported the bug.
First reported: 14.05.2026 14:40 (1 source, 1 article)
- Within 3 hours 44 minutes of advisory publication (13:56 UTC on May 11, 2026), automated scanning from 146.190.133[.]49 probed exposed instances with the User-Agent CVE-Detector/1.0.
First reported: 14.05.2026 14:40 (1 source, 1 article)
- The probe ran in two passes: the first scanned generic paths (.env, /admin, etc.); the second targeted AI-agent surfaces, including GET /agents, which returned 200 OK with the agent_file and agents list, confirming a successful bypass.
First reported: 14.05.2026 14:40 (1 source, 1 article)
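Detection logic for the probe pattern described in the last two snippets, run over access-log lines. This is an added example, not part of the advisory or of PraisonAI: the indicators (source 146.190.133[.]49, User-Agent CVE-Detector/1.0, a generic-path pass followed by a pass at /agents, and a GET /agents answered with 200) come from the text above, while the log lines are constructed for illustration in combined log format, and the set of "generic" first-pass paths is an assumption.

```python
"""Flag the probe pattern described above in web-server access logs.

Added example, not part of the advisory or the project. Indicators come from
the snippets above: source 146.190.133[.]49, User-Agent CVE-Detector/1.0, a
first pass over generic paths followed by a second pass at /agents, and a
GET /agents that returns 200. The log lines below are constructed for
illustration (combined log format, timestamps chosen to sit 3h44m after the
advisory time); the set of "generic" paths is an assumption.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SCANNER_IPS = {"146.190.133.49"}            # written defanged in the text
SCANNER_UA_PREFIX = "CVE-Detector/"
AGENT_SURFACE = {"/agents", "/chat"}
GENERIC_PROBES = {"/.env", "/admin", "/wp-login.php", "/phpinfo.php"}  # assumed first-pass paths

# Constructed sample: two-pass scanner, a quieter second client, one benign hit.
SAMPLE_LOG = """\
146.190.133.49 - - [11/May/2026:17:38:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "CVE-Detector/1.0"
146.190.133.49 - - [11/May/2026:17:38:03 +0000] "GET /admin HTTP/1.1" 404 153 "-" "CVE-Detector/1.0"
146.190.133.49 - - [11/May/2026:17:40:11 +0000] "GET /agents HTTP/1.1" 200 412 "-" "CVE-Detector/1.0"
10.0.0.5 - - [11/May/2026:17:41:00 +0000] "GET /agents HTTP/1.1" 200 412 "-" "python-requests/2.31.0"
10.0.0.5 - - [11/May/2026:17:41:05 +0000] "POST /chat HTTP/1.1" 200 98 "-" "python-requests/2.31.0"
203.0.113.7 - - [11/May/2026:17:42:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.5.0"
this line is not in combined format and is skipped
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; None for anything that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]   # drop any query string
    return rec


def detect(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Return {ip: sorted findings} for every source that trips an indicator."""
    findings = defaultdict(set)
    probed_generic = set()   # ips already seen hitting first-pass paths
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if ip in SCANNER_IPS:
            findings[ip].add("known-scanner-ip")
        if rec["ua"].startswith(SCANNER_UA_PREFIX):
            findings[ip].add("known-scanner-ua")
        if path in GENERIC_PROBES:
            probed_generic.add(ip)
        # The sequence (generic sweep, then the agent surface) outlives IP/UA changes.
        if path in AGENT_SURFACE and ip in probed_generic:
            findings[ip].add("generic-then-agent-surface")
        if rec["method"] == "GET" and path == "/agents" and rec["status"] == "200":
            findings[ip].add("agents-enumeration-200")
        if rec["method"] == "POST" and path == "/chat":
            findings[ip].add("chat-workflow-invocation")
    return {ip: sorted(f) for ip, f in findings.items()}


if __name__ == "__main__":
    for ip, tags in detect(SAMPLE_LOG.splitlines()).items():
        print(ip, tags)
```

Two caveats when reading the output. Combined-format logs do not record the Authorization header, so a 200 on /agents by itself does not prove the request was unauthenticated; confirm it against the instance's version and its AUTH_ENABLED setting. And the IP and User-Agent are the weakest signals, since both are trivially changed; the generic-then-/agents sequence and any POST /chat (the escalation the advisory notes was not seen in the initial scans) are what should raise a ticket.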