PT-2026-53130 · Pypi · Praisonai

Publicado

2026-06-18

·

Atualizado

2026-06-18

CVSS v3.1

8.2

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

Setting PRAISONAI CALL AUTH=disabled completely disables all authentication on the /api/v1/agents/{id}/invoke endpoint. This bypass is advertised in the application's own error messages, making it likely to appear in production Docker and Compose configurations.

Details

python
# src/praisonai/praisonai/api/agent invoke.py:32
 CALL AUTH DISABLED = os.getenv('PRAISONAI CALL AUTH', '').lower() == 'disabled'

async def verify token(...) -> None:
  if CALL AUTH DISABLED:
    return # all authentication skipped unconditionally
The application's own error message advertises the bypass:
"Set CALL SERVER TOKEN or PRAISONAI CALL AUTH=disabled to run without authentication."
This causes the setting to appear in Docker/Compose configurations as a convenience option.

Proof of Concept

python
import os
os.environ["PRAISONAI CALL AUTH"] = "disabled"
# verify token() now returns immediately for any request
# POST /api/v1/agents/any-agent/invoke → 200 OK (no token needed)
Common vulnerable deployment:
yaml
# docker-compose.yml
environment:
 - PRAISONAI CALL AUTH=disabled # auth completely disabled

Impact

Full unauthenticated access to the agent invocation API. Any agent registered on the server can be triggered without credentials, potentially executing arbitrary actions depending on the agent's configured tools.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

GHSA-8CCJ-P46R-JWQQ

Produtos afetados

Praisonai