[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP8oKvtrY6oohAuDBOd6QPk09TVn7zVujAWGKgadcPvA":3},{"article":4,"iocs":47},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":31},"8c021596-bdc0-4ddb-b399-65abcbc96387","PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure","praisonai-cve-2026-44338-auth-bypass-targeted-within-hours-of-disclosure-d33a9e","Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the","Threat actors began exploiting CVE-2026-44338, a missing authentication vulnerability in PraisonAI's legacy Flask API server, within 3 hours 44 minutes of public disclosure on May 11, 2026. The flaw (CVSS 7.3) allows unauthenticated access to sensitive endpoints including agent enumeration and workflow invocation. The vulnerability affects versions 2.5.6 through 4.6.33 and has been patched in version 4.6.34.","PraisonAI CVE-2026-44338 auth bypass exploited within hours of disclosure","PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure Ravie LakshmananMay 14, 2026Vulnerability \u002F API Security Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the API server's protected functionality without a token. \"PraisonAI ships a legacy Flask API server with authentication disabled by default,\" according to an advisory released by the maintainers earlier this month. \"When that server is used, any caller that can reach it can access \u002Fagents and trigger the configured agents.yaml workflow through \u002Fchat without providing a token.\" Specifically, the legacy Flask-based API server, src\u002Fpraisonai\u002Fapi_server.py, hard-codes AUTH_ENABLED = False and AUTH_TOKEN = None. According to PraisonAI, successful exploitation of the flaw can have varied impacts, including - Unauthenticated enumeration of the configured agent file through \u002Fagents Unauthenticated triggering of the locally configured \"agents.yaml\" workflow through \u002Fchat Repeated consumption of the model\u002FAPI quota, and Exposure of the results of PraisonAI.run() to the unauthenticated caller \"The impact therefore, depends on what the operator's agents.yaml is allowed to do, but the authentication bypass is unconditional in the shipped legacy server,\" PraisonAI said. The vulnerability affects all versions of the Python package from 2.5.6 through 4.6.33. It has been patched in version 4.6.34. Security researcher Shmulik Cohen has been credited with discovering and reporting the bug. In a report published by Sysdig this week, the cloud security company said it observed attempts to exploit the flaw within hours of it becoming public knowledge. \"Within three hours and 44 minutes of the advisory becoming public, a scanner identifying itself as CVE-Detector\u002F1.0 was probing the exact vulnerable endpoint on internet-exposed instances,\" it said. \"The advisory was published [on May 11, 2026,] at 13:56 UTC. The first targeted request landed at 17:40 UTC the same day.\" The activity, per Sysdig, originated from the IP address 146.190.133[.]49 and followed a packaged-scanner profile that carried out two passes spaced eight minutes apart, with each pass pushing approximately 70 requests in roughly 50 seconds. While the first pass scanned generic disclosure paths (\u002F.env, \u002Fadmin, \u002Fusers\u002Fsign_in, \u002Feval, \u002Fcalculate, \u002FGemfile.lock), the second pass specifically singled out AI-agent surfaces, including PraisonAI. \"The probe that matched CVE-2026-44338 directly was a single GET \u002Fagents with no Authorization header and User-Agent CVE-Detector\u002F1.0,\" Sysdig said. \"That request returns 200 OK with body {\"agent_file\":\"agents.yaml\",\"agents\":[...]}, confirming the bypass was successful.\" The scanner has not been found to send any POST request to the \"\u002Fchat\" endpoint during either pass, indicating the activity is consistent with an initial check to determine if the auth bypass works and confirm if the host is exploitable via CVE-2026-44338. The rapid exploitation of the PraisonAI is the latest example of a broader trend where threat actors are increasingly adopting newly disclosed flaws into their arsenal before they can be patched. Users are advised to apply the latest fixes as soon as possible, audit existing deployments, review model provider billing for any suspicious activity, and rotate credentials referenced in \"agents.yaml.\" \"Adversary tooling has scaled to the entire AI and agent ecosystem – no matter the size, and not just the household names – and the operating assumption for any project that ships an unauthenticated default must be that the window between disclosure and active exploitation is measured in single-digit hours,\" Sysdig said. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  AI Agent, API Security, Authentication bypass, cybersecurity, PraisonAI, Sysdig, Threat Intelligence, Vulnerability ⚡ Top Stories This Week Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation ⭐ Featured Resources [Webinar] Learn How to Handle Critical SOC Alerts With AI Support Identify Internal Attack Surfaces More Efficiently With a Free Assessment [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002Fpraisonai-cve-2026-44338-auth-bypass.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEg2IaSkdVZD_wyJJT-sODoazviDXhw3MGkn5XHYocnTL1YfLJpgJ-1wNaAm0Rk0phyrIv8vS73SNNkPSmlxRkK9ySAQGnn_tCP9JcVKyqee6lxjlYEp0cs2C_R9cDtgCEXwsjWtx1XnafF5r_fAuDDAvg0CRMOgJk8ZMwSjRsw1Js90uR-97t-rh5yU12Oj\u002Fs1600\u002Fpraison.jpg","2026-05-14T11:40:14+00:00","2026-05-14T14:00:20.222581+00:00",9,[18,21,24],{"name":19,"type":20},"PraisonAI","product",{"name":22,"type":23},"Flask","technology",{"name":25,"type":23},"API authentication","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":26,"icon":28,"name":29,"slug":30},null,"Vulnerabilities","vulnerabilities",[32,37,42],{"category":33},{"id":34,"icon":28,"name":35,"slug":36},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":38},{"id":39,"icon":28,"name":40,"slug":41},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":43},{"id":44,"icon":28,"name":45,"slug":46},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",[48,52],{"type":49,"value":50,"context":51},"ip","146.190.133.49","Source IP of scanner CVE-Detector\u002F1.0 probing vulnerable PraisonAI endpoints within hours of disclosure",{"type":53,"value":54,"context":55},"cve","CVE-2026-44338","Missing authentication vulnerability in PraisonAI Flask API server, CVSS 7.3, affects versions 2.5.6-4.6.33"]