PraisonAI Vulnerability Gets Scanned Within 4 Hours of Disclosure

PraisonAI Vulnerability Scanned Within Hours 🚨

A newly disclosed authentication bypass flaw (CVE-2026-44338) in PraisonAI drew near-instant probing, exposing risks from default-insecure AI APIs. Just four hours after its public disclosure, internet scanners began probing the exposed PraisonAI instances for vulnerable endpoints.

According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory was published, a scanner identified as “CVE-Detector/1.0” was already searching for vulnerabilities. The advisory was published around 13:56 UTC on May 11, and probing started at 17:40 UTC.

The Vulnerability Details 🔍

The flaw involves a legacy Flask-based API server component in PraisonAI that shipped with authentication disabled by default. This issue affects versions 2.5.6 to 4.6.33, and has been fixed in version 4.6.34. Sysdig researchers noted that the vulnerable component was a legacy API server where authentication protections were effectively disabled by design.

Severity and Urgency ⚠️

The flaw, tracked as CVE-2026-44338, received a severity rating of CVSS 7.3 out of 10. Researchers warned that a successful exploit could lead to serious breaches. The initial reconnaissance traffic appeared generic, targeting common internet-exposed paths, but quickly pivoted to PraisonAI-specific endpoints.

Recommendations for Organizations 🛡️

Sysdig urged organizations to immediately upgrade to PraisonAI version 4.6.34 or later, which removes the vulnerable legacy API behavior and introduces stronger authentication protections. They also recommended discontinuing the use of the legacy “api_server.py” entrypoint entirely.

To support detection efforts, defenders were advised to monitor for requests containing the “CVE-Detector/1.0” user-agent string, along with suspicious requests targeting /agents, /chat, /api/agents, and related MCP endpoints.

For more details, Read full article