Last updated: July 5, 2026 at 9:01 AM UTC
Tag: praisonai (1 article)

PraisonAI multi-agent framework hit by internet scanners 3 hours 44 minutes after auth-bypass advisory landed (CVE-2026-44338) - 7,100-star AI project shipped 'AUTH_ENABLED = False' by default

PraisonAI, an open-source multi-agent orchestration framework with about 7,100 GitHub stars, shipped a legacy Flask API server with authentication hard-coded off (AUTH_ENABLED = False, AUTH_TOKEN = None). When the GitHub advisory and CVE-2026-44338 (CVSS 7.3) became public at 13:56 UTC on May 11, Sysdig's threat research honeypots saw a scanner identifying itself as CVE-Detector/1.0 probing the exact vulnerable endpoint at 17:40 UTC the same day - just 3 hours and 44 minutes later. The scanner enumerated /agents to confirm the auth bypass worked, then moved on. The actual impact ceiling depends on whatever the operator's agents.yaml workflow is configured to do.

Check
Search dependency manifests for PraisonAI versions 2.5.6 through 4.6.33, check whether the legacy api_server.py is exposed to the public internet on port 8080 (or a similar port), and review web access logs for requests to /agents endpoints carrying the User-Agent CVE-Detector/1.0.
Affected
PraisonAI Python package versions 2.5.6 through 4.6.33 when the legacy Flask api_server.py is used. The sample API deployment YAML inherits host: 0.0.0.0 with auth_enabled: false without warning.
Fix
Upgrade PraisonAI to 4.6.34 or later and migrate off the legacy api_server.py entrypoint. Bind to 127.0.0.1 for token-less dev work. Rotate any credentials referenced in agents.yaml and audit model-provider billing from May 11 onward.
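The Check, Affected and Fix steps above amount to one triage pass: find affected pins, look for the scanner fingerprint in access logs, and flag a deployment config that combines a token-less listener with host: 0.0.0.0. The script below is an added example and is not PraisonAI project code. It assumes a requirements.txt-style manifest with `==` pins, access logs in the Apache/Nginx combined format, and a flat `key: value` deployment YAML (the minimal parser is not a full YAML parser); all sample inputs are constructed for the demo, and treating a missing `host` key as loopback is an assumption, while a missing `auth_enabled` key is treated as off, matching the shipped default.

```python
"""Triage helper for the PraisonAI legacy api_server.py exposure.
Added example, not PraisonAI project code. Assumes requirements-style
pins, combined-format access logs and a flat key: value deployment YAML.
"""
import re

# Affected range from the advisory summary (inclusive) and first fixed release.
VULN_MIN = (2, 5, 6)
VULN_MAX = (4, 6, 33)
FIXED = (4, 6, 34)

SCANNER_UA = "CVE-Detector/1.0"   # User-Agent the honeypots observed
PROBED_PATH = "/agents"           # endpoint the scanner enumerated


def parse_version(text):
    """'4.6.33' -> (4, 6, 33); a non-numeric suffix ends the tuple."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def is_vulnerable_version(version):
    """True when a pinned version falls in 2.5.6..4.6.33 (inclusive)."""
    return VULN_MIN <= parse_version(version) <= VULN_MAX


def vulnerable_pins(requirements_text):
    """Return praisonai '==' pins in a manifest that fall in the affected range."""
    hits = []
    for line in requirements_text.splitlines():
        m = re.match(r"^\s*praisonai(?:\[[^\]]*\])?\s*==\s*([0-9.]+)", line, re.I)
        if m and is_vulnerable_version(m.group(1)):
            hits.append(m.group(1))
    return hits


# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def scanner_probes(log_lines):
    """(ip, timestamp, path, status) for /agents requests with the scanner's User-Agent."""
    probes = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["ua"] == SCANNER_UA and m["path"].split("?")[0].startswith(PROBED_PATH):
            probes.append((m["ip"], m["ts"], m["path"], int(m["status"])))
    return probes


def parse_flat_yaml(text):
    """Minimal 'key: value' reader; comments stripped, quotes removed. Not full YAML."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def audit_deployment(yaml_text):
    """Flag a listener that is token-less and bound to every interface."""
    cfg = parse_flat_yaml(yaml_text)
    # Missing auth_enabled = off (the shipped default); missing host = loopback (assumption).
    auth_off = cfg.get("auth_enabled", "false").lower() in ("false", "no", "0", "")
    exposed = cfg.get("host", "127.0.0.1") in ("0.0.0.0", "::")
    findings = []
    if auth_off and exposed:
        findings.append("unauthenticated API bound to all interfaces: bind to 127.0.0.1 or enable auth")
    elif auth_off:
        findings.append("auth disabled; acceptable only on a loopback-bound dev instance")
    return findings


# Constructed sample inputs for the demo (not real logs or manifests).
SAMPLE_REQUIREMENTS = "flask==3.0.3\npraisonai==4.6.33\n"
SAMPLE_LOG = [
    '198.51.100.7 - - [11/May/2026:17:40:02 +0000] "GET /agents HTTP/1.1" 200 812 "-" "CVE-Detector/1.0"',
    '198.51.100.7 - - [11/May/2026:17:40:03 +0000] "GET /agents/ HTTP/1.1" 200 812 "-" "CVE-Detector/1.0"',
    '203.0.113.9 - - [11/May/2026:18:02:11 +0000] "GET /health HTTP/1.1" 200 15 "-" "curl/8.5.0"',
]
SAMPLE_DEPLOYMENT = "host: 0.0.0.0\nport: 8080\nauth_enabled: false\n"

if __name__ == "__main__":
    print("vulnerable pins:", vulnerable_pins(SAMPLE_REQUIREMENTS))
    for probe in scanner_probes(SAMPLE_LOG):
        print("scanner probe:", probe)
    for finding in audit_deployment(SAMPLE_DEPLOYMENT):
        print("config:", finding)
```

Run it against your own requirements files, access logs and deployment YAML; a 200 on /agents from the scanner's User-Agent means the auth bypass was confirmed from outside, which is the cue to rotate the credentials referenced in agents.yaml and check model-provider billing from May 11 onward.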