Ethical Hacking News
The PraisonAI authentication bypass vulnerability has been targeted by threat actors within hours of its public release, highlighting the need for timely patching and proper configuration of AI-driven systems. This vulnerability affects all versions of the Python package from 2.5.6 through 4.6.33 and has been patched in version 4.6.34. It is essential for users to apply the latest fixes as soon as possible to prevent exploitation.
The rapid exploitation of PraisonAI underscores a broader trend in which threat actors add newly disclosed flaws to their arsenal before affected systems can be patched. This vulnerability serves as a reminder of the importance of staying vigilant and proactive in the face of emerging threats.
The PraisonAI open-source multi-agent orchestration framework has a critical vulnerability, CVE-2026-44338, that exposes sensitive endpoints. The vulnerability is due to missing authentication, allowing attackers to access protected functionality without a token. The bug affects all versions of the Python package from 2.5.6 through 4.6.33 and has been patched in version 4.6.34. Cloud security company Sysdig observed exploitation within three hours and 44 minutes of the vulnerability's public disclosure. Users are advised to apply the latest fixes, audit existing deployments, review model provider billing for suspicious activity, and rotate credentials in "agents.yaml" to prevent exploitation.
In a recent disclosure, security researchers have identified a critical vulnerability in the PraisonAI open-source multi-agent orchestration framework, which has been targeted by threat actors within hours of its public release. The vulnerability, CVE-2026-44338, is a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the API server's protected functionality without a token.
According to PraisonAI, the legacy Flask-based API server ships with authentication disabled by default, which means that any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token. This vulnerability has been patched in version 4.6.34, but it is essential for users to apply the latest fixes as soon as possible to prevent exploitation.
Security researcher Shmulik Cohen discovered and reported this bug, which affects all versions of the Python package from 2.5.6 through 4.6.33. Cloud security company Sysdig observed activity targeting the flaw and noted that it was exploited within three hours and 44 minutes of its public disclosure.
Sysdig observed a scanner identifying itself as CVE-Detector/1.0 probing the exact vulnerable endpoint on internet-exposed instances. The scanner followed a packaged-scanner profile that carried out two passes spaced eight minutes apart, with each pass pushing approximately 70 requests in roughly 50 seconds.
While the first pass scanned generic disclosure paths, including /.env, /admin, /users/sign_in, /eval, /calculate, and /Gemfile.lock, the second pass specifically singled out AI-agent surfaces, including PraisonAI. The probe that matched CVE-2026-44338 directly was a single GET /agents with no Authorization header and User-Agent CVE-Detector/1.0.
Sysdig noted that this request returns 200 OK with body {"agent_file":"agents.yaml","agents":[...]}, confirming the bypass was successful. This activity is consistent with an initial check to determine if the auth bypass works and confirm if the host is exploitable via CVE-2026-44338.
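The following added example, which is not code from the article, Sysdig or PraisonAI, shows how a defender could triage reverse-proxy logs for the activity described above: requests to /agents or /chat that carried no token and still returned 200, separated from probes that were refused. The JSON log format, its field names and the sample lines are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample: JSON access-log lines from a reverse proxy in front of the API
# server. Field names are assumptions; "auth" = an Authorization header was present.
SAMPLE_LOG = """
{"ts":"2026-01-01T10:00:01Z","src":"198.51.100.7","method":"GET","path":"/.env","status":404,"ua":"CVE-Detector/1.0","auth":false}
{"ts":"2026-01-01T10:00:02Z","src":"198.51.100.7","method":"GET","path":"/Gemfile.lock","status":404,"ua":"CVE-Detector/1.0","auth":false}
{"ts":"2026-01-01T10:08:03Z","src":"198.51.100.7","method":"GET","path":"/agents","status":200,"ua":"CVE-Detector/1.0","auth":false}
{"ts":"2026-01-01T10:09:10Z","src":"203.0.113.20","method":"POST","path":"/chat","status":200,"ua":"internal-client/2.1","auth":true}
{"ts":"2026-01-01T10:11:45Z","src":"192.0.2.55","method":"GET","path":"/agents","status":401,"ua":"CVE-Detector/1.0","auth":false}
{"ts":"2026-01-01T10:15:30Z","src":"192.0.2.99","method":"POST","path":"/chat","status":200,"ua":"Mozilla/5.0","auth":false}
not-json garbage line
"""

PROTECTED = {"/agents", "/chat"}   # endpoints the article says answer without a token
GENERIC = {"/.env", "/admin", "/users/sign_in", "/eval", "/calculate", "/Gemfile.lock"}
SCANNER_UA = "CVE-Detector/1.0"    # user agent reported by Sysdig

def parse(text):  # yield one dict per well-formed JSON line, skip blank or damaged lines
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event

def triage(text):
    """Return {src: {"verdict", "hits", "generic", "scanner_ua"}} for suspicious clients."""
    seen = defaultdict(lambda: {"hits": [], "generic": 0, "scanner_ua": False})
    for ev in parse(text):
        rec = seen[ev.get("src", "unknown")]
        path = str(ev.get("path", "")).split("?", 1)[0]
        rec["generic"] += path in GENERIC
        rec["scanner_ua"] |= ev.get("ua") == SCANNER_UA
        # Core signal: a protected endpoint answered 200 to a request with no token.
        if path in PROTECTED and ev.get("auth") is not True and ev.get("status") == 200:
            rec["hits"].append((ev.get("ts"), ev.get("method"), path))
    report = {}
    for src, rec in seen.items():
        if not (rec["hits"] or rec["scanner_ua"] or rec["generic"]):
            continue  # authenticated, unremarkable traffic
        verdict = "unauthenticated-access" if rec["hits"] else "probe-only"
        report[src] = {"verdict": verdict, **rec}
    return report

if __name__ == "__main__":
    print({src: info["verdict"] for src, info in triage(SAMPLE_LOG).items()})
```

A source reported as unauthenticated-access is the case where the advice to rotate credentials referenced in "agents.yaml" applies; the verdict keys on the missing token and the 200 response, not on the user agent, so a renamed scanner is still caught.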
The rapid exploitation of PraisonAI highlights a broader trend in which threat actors add newly disclosed flaws to their arsenal before affected systems can be patched. Users are advised to take immediate action by applying the latest fixes, auditing existing deployments, reviewing model provider billing for any suspicious activity, and rotating credentials referenced in "agents.yaml."
According to Sysdig, adversary tooling has scaled to the entire AI and agent ecosystem, regardless of size. The operating assumption for any project that ships an unauthenticated default must be that the window between disclosure and active exploitation is measured in single-digit hours.
The discovery of this vulnerability serves as a reminder of the importance of timely patching and proper configuration of AI-driven systems. As the use of artificial intelligence (AI) continues to grow across various industries, the risk of vulnerabilities like this one will only continue to increase.
Related Information:
https://www.ethicalhackingnews.com/articles/The-PraisonAI-Authentication-Bypass-Vulnerability-A-New-Threat-to-AI-Driven-Systems-ehn.shtml
https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html
https://nvd.nist.gov/vuln/detail/CVE-2026-44338
https://www.cvedetails.com/cve/CVE-2026-44338/
Published: Thu May 14 08:09:07 2026 by llama3.2 3B Q4_K_M