CVE-2026-44338: PraisonAI Flask API Lacks Default Authentication

The National Vulnerability Database has disclosed CVE-2026-44338, a high-severity vulnerability (CVSS 7.3) affecting PraisonAI, a multi-agent teams system. Versions 2.5.6 through 4.6.33 ship with a legacy Flask API server that has authentication disabled by default. This is a critical oversight.

Attackers who can reach this exposed Flask API can access the /agents endpoint and trigger configured workflows via /chat without any authentication token. This bypass allows unauthorized access and control over the AI agents, leading to potential data manipulation, exfiltration, or denial of service through arbitrary agent execution. The vulnerability is categorized under CWE-306 (Missing Authentication for Critical Function), CWE-668 (Exposure of Resource to Wrong Sphere), and CWE-1188 (Insecure Default Initialization of Resource).

Defenders must understand that ‘disabled by default’ often means ‘forgotten and left exposed’ in production environments. This isn’t theoretical; it’s a direct path for attackers. PraisonAI has addressed this in version 4.6.34, and immediate patching is required to close this glaring hole.

What This Means For You

  • If your organization uses PraisonAI, check your version immediately. Any deployment running PraisonAI versions 2.5.6 to 4.6.33 is vulnerable. Prioritize patching to version 4.6.34 or later. Furthermore, audit your network configurations to ensure this Flask API server is not publicly exposed, regardless of version. An unauthenticated API is a red alert for any CISO.
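The two checks that follow from the advisory, written out as an added, stand-alone example (not PraisonAI's code): a version test against the affected range the advisory gives, and a fail-closed bearer-token gate that wraps any WSGI application (a Flask app is one) so that the /agents and /chat routes named above cannot be served without a token. Only the two route names and the version range come from the advisory; the middleware design, the stand-in agent app, the header handling and the in-process `call` helper are assumptions made for the demonstration.

```python
"""Defender-side checks for CVE-2026-44338 (added illustration, not PraisonAI code)."""
import hmac
import re
import secrets
from typing import Callable, Iterable, Optional, Tuple

# Affected range as stated in the advisory: 2.5.6 through 4.6.33 inclusive.
AFFECTED_MIN = (2, 5, 6)
AFFECTED_MAX = (4, 6, 33)


def is_affected_version(version: str) -> bool:
    """Return True when a PraisonAI version string lies in the affected range."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(g) for g in m.groups())
    return AFFECTED_MIN <= parts <= AFFECTED_MAX


def agent_api(environ, start_response) -> Iterable[bytes]:
    """Stand-in WSGI app (constructed for the demo) exposing the two advisory routes.
    On its own it answers everyone, which is the shape of the insecure default."""
    path = environ.get("PATH_INFO", "/")
    if path == "/agents":
        body = b'{"agents": ["researcher", "writer"]}\n'
    elif path == "/chat" and environ.get("REQUEST_METHOD") == "POST":
        body = b'{"status": "workflow started"}\n'
    else:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    start_response("200 OK", [("Content-Type", "application/json")])
    return [body]


class BearerTokenGate:
    """WSGI middleware requiring `Authorization: Bearer <token>` on every request.

    Fails closed: constructing it without a configured token raises, so a
    deployment cannot silently run with the check absent (the defect the
    advisory describes)."""

    def __init__(self, app: Callable, token: Optional[str]):
        if not token:
            raise RuntimeError("API token not configured; refusing to start unauthenticated")
        self._app = app
        self._token = token.encode()

    def __call__(self, environ, start_response) -> Iterable[bytes]:
        scheme, _, presented = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        # Constant-time comparison on bytes avoids both timing leaks and the
        # TypeError compare_digest raises for non-ASCII str input.
        ok = scheme.lower() == "bearer" and hmac.compare_digest(
            presented.strip().encode(), self._token
        )
        if not ok:
            start_response(
                "401 Unauthorized",
                [("Content-Type", "text/plain"), ("WWW-Authenticate", "Bearer")],
            )
            return [b"authentication required\n"]
        return self._app(environ, start_response)


def call(app: Callable, method: str, path: str, token: Optional[str] = None) -> Tuple[str, bytes]:
    """Invoke a WSGI app in-process (no network) and return (status line, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if token is not None:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    token = secrets.token_urlsafe(32)          # demo token, generated per run
    gated = BearerTokenGate(agent_api, token)
    print("ungated /agents:", call(agent_api, "GET", "/agents")[0])   # what the affected default looks like
    print("gated, no token:", call(gated, "GET", "/agents")[0])
    print("gated, token   :", call(gated, "POST", "/chat", token)[0])
    for v in ("2.5.6", "4.6.33", "4.6.34"):
        print(v, "affected" if is_affected_version(v) else "not affected")
```

The gate is deliberately the outermost layer: if the wrapped Flask app adds new routes later, they are covered without anyone remembering to decorate them. Keep it as a mitigation for deployments that cannot patch immediately; upgrading to 4.6.34 or later and removing public exposure of the API remain the fix the advisory calls for.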

Indicators of Compromise

ID              Type         Indicator
CVE-2026-44338  Auth Bypass  PraisonAI versions 2.5.6 to 4.6.33
CVE-2026-44338  Auth Bypass  PraisonAI legacy Flask API server with authentication disabled
CVE-2026-44338  Auth Bypass  Access to /agents endpoint without authentication in PraisonAI
CVE-2026-44338  Auth Bypass  Triggering agents.yaml workflow via /chat endpoint without authentication in PraisonAI
Source & Attribution
Source Platform: NVD
Channel: National Vulnerability Database
Published: May 08, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
