PraisonAI Vulnerability Exploited Within Hours of Public Disclosure - CyberSecurityNews
CyberSecurityNewsArchived May 22, 2026✓ Full text saved
PraisonAI Vulnerability Exploited Within Hours of Public Disclosure CyberSecurityNews
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
PraisonAI Vulnerability Exploited Within Hours of Public Disclosure
By Abinaya
May 15, 2026
As artificial intelligence frameworks become central to enterprise operations, a critical flaw in a popular AI platform has exposed organizations to serious security risks from threat actors.
Within hours of public disclosure, a severe vulnerability in PraisonAI’s legacy API server, tracked as CVE-2026-44338, is already sending shockwaves through the developer community.
By shipping with authentication disabled by default, the framework essentially hands over the keys to its internal workflows.
This architectural misstep allows anyone on the network to hijack automated agent operations, execute tasks, and drain expensive API quotas without ever presenting a valid credential.
PraisonAI Vulnerability Exploit
The root cause of this high-severity flaw lies deep within the shipped legacy Flask API server, specifically targeting the src/praisonai/api_server.py entrypoint.
Security researchers discovered that the codebase relies on hard-coded insecure defaults, explicitly setting AUTH_ENABLED = False and AUTH_TOKEN = None.
Because the underlying check_auth() function fails open by design when authentication is disabled, any incoming request automatically bypasses the standard security gates.
Compounding the risk, when this script is launched directly, it binds to 0.0.0.0:8080.
This exposes the vulnerable, unprotected endpoints to all reachable network interfaces rather than isolating them to local environments.
The framework’s deployment subsystem also mirrors this insecure setup, generating sample deployment configurations that recommend open host bindings alongside disabled authentication.
Threat actors can seamlessly exploit this oversight by targeting two primary endpoints without supplying an Authorization header.
A simple GET request to the /agents route allows unauthenticated enumeration of the configured agent metadata, giving attackers immediate visibility into the system’s operational scope.
More critically, sending a POST request to /chat instantly triggers the system’s local agents.yaml workflow.
According to GitHub Advisories GHSA-6rmh-7xcm-cpxj, the flaw allows external attackers to repeatedly trigger pre-configured automated workflows, despite not enabling direct prompt injection.
Attackers can effortlessly extract sensitive output data returned by the system and force the victim’s infrastructure to exhaust costly external AI model quotas through repeated execution.
PraisonAI maintainers have released version 4.6.34 to patch this vulnerability. Developers utilizing the pip package must update their environments immediately to prevent active exploitation.
Furthermore, security engineers are strongly advised to transition away from the legacy API server and utilize the newer serve agents command.
This modern deployment path is secure by default, binding locally to 127.0.0.1 and requiring an –api-key argument for access, which effectively neutralizes the threat of unauthenticated intrusion.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
ShinyHunters Claims Credit for Cyber-Attack on Online Learning Management System
Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks
PinTheft Linux Vulnerability Let Attackers Gain Root Access – PoC Released
UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery
OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack
Latest News
Cyber Security News
TamperedChef Malware Uses Signed Productivity Apps to Deliver Stealers and RATs
Cyber Security News
Fake Invitation Phishing Campaign Targets U.S. Organizations With Credential Theft
Cyber Security News
Indian Student Data Weaponized for Phishing, Social Engineering, and Financial Fraud
Chrome
Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now!
Cyber Security
Authorities Have Taken Down “First VPN” Used in Ransomware Attacks