PraisonAI multi-agent framework hit by internet scanners 3 hours 44 minutes after auth-bypass advisory landed (CVE-2026-44338) - 7,100-star AI project shipped 'AUTH_ENABLED = False' by default
PraisonAI, an open-source multi-agent orchestration framework with about 7,100 GitHub stars, shipped a legacy Flask API server with authentication hard-coded off (AUTH_ENABLED = False, AUTH_TOKEN = None). When the GitHub advisory and CVE-2026-44338 (CVSS 7.3) became public at 13:56 UTC on May 11, Sysdig's threat research honeypots saw a scanner identifying itself as CVE-Detector/1.0 probing the exact vulnerable endpoint at 17:40 UTC the same day - just 3 hours and 44 minutes later. The scanner enumerated /agents to confirm the auth bypass worked, then moved on. The actual impact ceiling depends on whatever the operator's agents.yaml workflow is configured to do.
- Check: Search dependency manifests for PraisonAI versions 2.5.6 through 4.6.33, check whether the legacy api_server.py is exposed to the public internet (on port 8080 or similar), and review web access logs for User-Agent CVE-Detector/1.0 against /agents endpoints.
- Affected: PraisonAI Python package versions 2.5.6 through 4.6.33 when the legacy Flask api_server.py is used. The sample API deployment YAML inherits host: 0.0.0.0 with auth_enabled: false and gives no warning.
- Fix: Upgrade PraisonAI to 4.6.34 or later and migrate off the legacy api_server.py entrypoint. Bind to 127.0.0.1 for token-less dev work. Rotate any credentials referenced in agents.yaml and audit model-provider billing from May 11 onward.
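A small triage script for the Check step above, added here as an example and not code from the advisory or the PraisonAI project: it checks a pinned version against the affected range and flags access-log requests to /agents carrying the CVE-Detector/1.0 User-Agent. The NCSA combined log format, the sample lines and the IP addresses are constructed assumptions.

```python
import re

# Affected range taken from the advisory text: 2.5.6 through 4.6.33 inclusive.
AFFECTED_MIN = (2, 5, 6)
AFFECTED_MAX = (4, 6, 33)
SCANNER_UA = "CVE-Detector/1.0"

# Assumed NCSA combined log format: ip ident user [ts] "req" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_version(version):
    """'4.6.33' -> (4, 6, 33); plain dotted releases only, no pre-release tags."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version):
    """True if a pinned PraisonAI version falls inside the advisory's range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def flag_scanner_hits(lines):
    """Return (ip, ts, path, status) for /agents requests from the named scanner.

    A 200 on an unauthenticated /agents request is the signal that the legacy
    server answered with AUTH_ENABLED off, so the status is kept for triage.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["ua"] == SCANNER_UA and m["path"].startswith("/agents"):
            hits.append((m["ip"], m["ts"], m["path"], int(m["status"])))
    return hits


# Constructed sample lines (documentation IP ranges, not real honeypot data).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/May/2026:17:40:02 +0000] "GET /agents HTTP/1.1" 200 512 "-" "CVE-Detector/1.0"',
    '198.51.100.4 - - [11/May/2026:17:41:10 +0000] "GET /healthz HTTP/1.1" 200 17 "-" "curl/8.5.0"',
    '203.0.113.7 - - [11/May/2026:17:40:03 +0000] "POST /agents HTTP/1.1" 200 88 "-" "CVE-Detector/1.0"',
]

if __name__ == "__main__":
    for hit in flag_scanner_hits(SAMPLE_LOG):
        print("possible auth-bypass probe:", hit)
    print("pinned 4.6.33 affected:", is_affected("4.6.33"))
```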