Contact us
Contact us

News

About

Home Crypto News Scanners probe PraisonAI auth bypass hours after disclosure

Scanners probe PraisonAI auth bypass hours after disclosure

Author Whitewallet Research
Posted: 14 May 2026, 12:21 CET 2 min read

Automated scanners hit PraisonAI’s exposed legacy Flask API 3 hours 44 minutes after CVE-2026-44338 disclosure, returning agents.yaml via unauthenticated GET /agents.

Cloud security firm Sysdig reported automated scanners began probing PraisonAI instances 3 hours and 44 minutes after the vulnerability advisory was published on May 11, 2026, at 13:56 UTC. The first targeted request reached internet-exposed hosts at 17:40 UTC from IP address 146.190.133[.]49 using the User-Agent string CVE-Detector/1.0.

The flaw is tracked as CVE-2026-44338 and carries a CVSS score of 7.3. It stems from a legacy Flask API server included with PraisonAI that ships with authentication disabled by default; the code hard-codes AUTH_ENABLED = False and AUTH_TOKEN = None. The vulnerability affects Python package versions 2.5.6 through 4.6.33 and was fixed in version 4.6.34. Security researcher Shmulik Cohen reported the issue.

Sysdig observed the scanner run two passes about eight minutes apart, each sending roughly 70 requests over about 50 seconds. The first pass checked common disclosure paths such as /.env and /admin, while the second pass focused on AI-agent endpoints and targeted PraisonAI. The request that matched CVE-2026-44338 was an unauthenticated GET /agents that returned 200 OK with a JSON body indicating the agent file and agents list, confirming the authentication bypass. The scanner did not send POST requests to the /chat endpoint during the observed activity.

PraisonAI’s advisory warned that an exploited instance can allow unauthenticated enumeration of the configured agent file via /agents, unauthenticated triggering of local agents.yaml workflows through /chat, repeated consumption of model or API quota, and exposure of PraisonAI.run() results to the caller. The advisory added that “the impact therefore, depends on what the operator’s agents.yaml is allowed to do, but the authentication bypass is unconditional in the shipped legacy server.”

Operators are advised to upgrade affected installations to PraisonAI version 4.6.34 or later, audit deployments for any exposed legacy Flask servers, check model provider billing for unexplained usage, and rotate credentials referenced in agents.yaml.

Whitewallet Research
Author

Articles by this author

Malware in Pirated PC Games Steals Passwords and Crypto
Malware in Pirated PC Games Steals Passwords and Crypto
jun 8
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
Armstrong: Energy and Compute, Not Models, Will Cap AI Growth
jun 8
Custodial vs non-custodial wallet
Custodial vs non-custodial wallet
may 30
What is a crypto seed phrase
What is a crypto seed phrase
may 25
Seed phrase vs private key
Seed phrase vs private key
may 21

Latest News

MORE
Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

Adam Back: Bitcoin won’t fire miners; Dashjr readies fork

jun 12 2 min read
Coinbase Lets AI Agents Trade Inside User-Controlled Limits

Coinbase Lets AI Agents Trade Inside User-Controlled Limits

jun 12 2 min read
Hackers Impersonate ChatGPT, Claude and DeepSeek

Hackers Impersonate ChatGPT, Claude and DeepSeek

jun 11 2 min read
Delaware advances bill to ban crypto ATMs after scam surge

Delaware advances bill to ban crypto ATMs after scam surge

jun 11 2 min read
MORE