PT-2026-39005 · Praisonai · Praisonai

Shmulc8 · Published 2026-05-08 · Updated 2026-05-19 · CVE-2026-44338

CVSS v3.1: 7.3 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: PraisonAI versions 2.5.6 through 4.6.33

Description: PraisonAI ships a legacy Flask API server with authentication disabled by default, because `AUTH_ENABLED=False` and `AUTH_TOKEN=None` are hard-coded in `api_server.py`. This causes the `check_auth()` function to fail open, so any reachable caller can access protected endpoints without a token. Specifically, the `/agents` endpoint exposes agent metadata, and the `/chat` endpoint triggers the configured `agents.yaml` workflow by calling `PraisonAI().run()`, regardless of the message content. This can lead to unauthorized agent execution, workflow abuse, and depletion of API quotas. Real-world incidents involved internet scanners, such as `CVE-Detector/1.0`, probing these endpoints within four hours of public disclosure.

Recommendations: Upgrade to version 4.6.34. As a temporary workaround, deploy WAF rules to block unauthenticated access to the `/agents` and `/chat` endpoints.
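The following is an added illustration, not PraisonAI's code, of the fail-open condition the description reports next to a fail-closed replacement. The function names (`check_auth_fail_open`, `check_auth_fail_closed`, `load_token_from_env`), the `Request` stand-in for a Flask request, the `PRAISONAI_API_TOKEN` variable name and the sample headers are all assumptions constructed for the example; only the `AUTH_ENABLED`/`AUTH_TOKEN` behaviour mirrors the advisory.

```python
"""Fail-open vs. fail-closed bearer-token checks for a Flask-style API.

Added example, not the project's own code. The legacy pattern below shows why
hard-coding AUTH_ENABLED=False and AUTH_TOKEN=None lets every caller through;
the hardened pattern has no "disable" switch and treats a missing token
configuration as a reason to deny (or to refuse startup), never to allow.
"""
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Mapping, Optional


@dataclass
class Request:
    """Minimal stand-in for a Flask request (constructed for the example)."""
    headers: dict = field(default_factory=dict)


def check_auth_fail_open(request: Request, auth_enabled: bool,
                         auth_token: Optional[str]) -> bool:
    """Illustrates the vulnerable shape described in the advisory.

    With auth_enabled hard-coded to False the token is never inspected, so the
    check returns True for an anonymous request: it fails open.
    """
    if not auth_enabled:
        return True
    header = request.headers.get("Authorization", "")
    return header == f"Bearer {auth_token}"


def bearer_token(request: Request) -> Optional[str]:
    """Return the presented bearer token, or None if absent or malformed."""
    header = request.headers.get("Authorization", "")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def check_auth_fail_closed(request: Request, auth_token: Optional[str]) -> bool:
    """Hardened check: deny unless a configured token is presented correctly.

    - No boolean that can switch authentication off.
    - An unset/empty configured token denies everything (misconfiguration
      fails closed instead of open).
    - hmac.compare_digest keeps the comparison constant-time.
    """
    if not auth_token:
        return False
    presented = bearer_token(request)
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"),
                               auth_token.encode("utf-8"))


def load_token_from_env(env: Mapping[str, str] = os.environ,
                        min_length: int = 32) -> str:
    """Read the API token at startup and refuse to run without a strong one.

    PRAISONAI_API_TOKEN is a hypothetical variable name chosen for this example.
    """
    token = env.get("PRAISONAI_API_TOKEN", "")
    if len(token) < min_length:
        raise RuntimeError(
            "PRAISONAI_API_TOKEN must be set and at least "
            f"{min_length} characters; generate one with new_token()")
    return token


def new_token() -> str:
    """Generate a random token suitable for the environment variable above."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    anonymous = Request()                       # no Authorization header
    # Legacy defaults from the advisory: the anonymous caller is let in.
    print("legacy, anonymous:", check_auth_fail_open(anonymous, False, None))
    # Hardened check with the same (missing) configuration denies instead.
    print("hardened, no token configured:",
          check_auth_fail_closed(anonymous, None))
    configured = new_token()
    good = Request({"Authorization": f"Bearer {configured}"})
    print("hardened, correct token:", check_auth_fail_closed(good, configured))
```

The hardened version removes the knob that made the default unsafe rather than flipping it: an operator who forgets to set the token gets a startup error from `load_token_from_env()` instead of an open `/chat` endpoint.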

Weakness Enumeration

Missing Authentication

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2026-44338
GHSA-6RMH-7XCM-CPXJ

Affected Products

Praisonai