PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

Description

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token. This issue has been patched in version 4.6.34.

Affected Products

Vendor	Product	Versions
praison	praisonai	pip/PraisonAI: >= 2.5.6, <= 4.6.33

References

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6rmh-7xcm-cpxj(x_refsource_CONFIRM)

Related News (4 articles)

Tier D

The Hacker News2h ago

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

→ No new info (linked only)

Tier D

CSO Online2h ago

PraisonAI vulnerability gets scanned within 4 hours of disclosure

→ No new info (linked only)

Tier D

SecurityWeek4h ago

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

→ No new info (linked only)

Tier C

VulDB5d ago

CVE-2026-44338 | MervinPraison PraisonAI up to 4.6.33 /agents missing authentication (GHSA-6rmh-7xcm-cpxj)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

PraisonAI@4.6.34

CWECWE-306, CWE-668, CWE-1188

PublishedMay 8, 2026

Last enriched5d agov2

PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

Description

Affected Products

References

Related News (4 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History