CVE-2026-44338

PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

Basic Information

CVE State: PUBLISHED
Reserved Date: May 05, 2026
Published Date: May 08, 2026
Last Updated: May 08, 2026
Vendor: MervinPraison
Product: PraisonAI
Description
PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token. This issue has been patched in version 4.6.34.

CVSS Scores

CVSS v3.1

7.3 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

SSVC Information

Exploitation: poc
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2026-05-14 14:20:11 UTC)

Known Exploited Vulnerability Information

Source: The Shadowserver (via CIRCL)
Added Date: 2026-05-14 14:20:11 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel