CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs May 22, 2026

PraisonAI Vulnerability Exploited Within Hours of Public Disclosure - CyberSecurityNews

CyberSecurityNews Archived May 22, 2026 ✓ Full text saved

PraisonAI Vulnerability Exploited Within Hours of Public Disclosure CyberSecurityNews

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News PraisonAI Vulnerability Exploited Within Hours of Public Disclosure By Abinaya May 15, 2026 As artificial intelligence frameworks become central to enterprise operations, a critical flaw in a popular AI platform has exposed organizations to serious security risks from threat actors. Within hours of public disclosure, a severe vulnerability in PraisonAI’s legacy API server, tracked as CVE-2026-44338, is already sending shockwaves through the developer community. By shipping with authentication disabled by default, the framework essentially hands over the keys to its internal workflows. This architectural misstep allows anyone on the network to hijack automated agent operations, execute tasks, and drain expensive API quotas without ever presenting a valid credential. PraisonAI Vulnerability Exploit The root cause of this high-severity flaw lies deep within the shipped legacy Flask API server, specifically targeting the src/praisonai/api_server.py entrypoint. Security researchers discovered that the codebase relies on hard-coded insecure defaults, explicitly setting AUTH_ENABLED = False and AUTH_TOKEN = None. Because the underlying check_auth() function fails open by design when authentication is disabled, any incoming request automatically bypasses the standard security gates. Compounding the risk, when this script is launched directly, it binds to 0.0.0.0:8080. This exposes the vulnerable, unprotected endpoints to all reachable network interfaces rather than isolating them to local environments. The framework’s deployment subsystem also mirrors this insecure setup, generating sample deployment configurations that recommend open host bindings alongside disabled authentication. Threat actors can seamlessly exploit this oversight by targeting two primary endpoints without supplying an Authorization header. A simple GET request to the /agents route allows unauthenticated enumeration of the configured agent metadata, giving attackers immediate visibility into the system’s operational scope. More critically, sending a POST request to /chat instantly triggers the system’s local agents.yaml workflow. According to GitHub Advisories GHSA-6rmh-7xcm-cpxj, the flaw allows external attackers to repeatedly trigger pre-configured automated workflows, despite not enabling direct prompt injection. Attackers can effortlessly extract sensitive output data returned by the system and force the victim’s infrastructure to exhaust costly external AI model quotas through repeated execution. PraisonAI maintainers have released version 4.6.34 to patch this vulnerability. Developers utilizing the pip package must update their environments immediately to prevent active exploitation. Furthermore, security engineers are strongly advised to transition away from the legacy API server and utilize the newer serve agents command. This modern deployment path is secure by default, binding locally to 127.0.0.1 and requiring an –api-key argument for access, which effectively neutralizes the threat of unauthenticated intrusion. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News ShinyHunters Claims Credit for Cyber-Attack on Online Learning Management System Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks PinTheft Linux Vulnerability Let Attackers Gain Root Access – PoC Released UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack Latest News Cyber Security News TamperedChef Malware Uses Signed Productivity Apps to Deliver Stealers and RATs Cyber Security News Fake Invitation Phishing Campaign Targets U.S. Organizations With Credential Theft Cyber Security News Indian Student Data Weaponized for Phishing, Social Engineering, and Financial Fraud Chrome Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now! Cyber Security Authorities Have Taken Down “First VPN” Used in Ransomware Attacks
    💬 Team Notes
    Article Info
    Source
    CyberSecurityNews
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    May 22, 2026
    Archived
    May 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗