{"data":{"id":"02dd5e73-6d54-4458-ad4e-5d0d24f35adb","title":"Hackers Targeted PraisonAI Vulnerability Hours After Disclosure","summary":"PraisonAI, a framework for deploying autonomous AI agents, had a critical authentication bypass vulnerability (CVE-2026-44338) in versions 2.5.6 to 4.6.33 where a legacy Flask API server shipped with authentication disabled by default, allowing unauthenticated attackers to access agent configurations and trigger workflows. Hackers began scanning for and testing this vulnerability within less than four hours of its public disclosure, demonstrating how quickly AI tools are enabling rapid exploitation of newly disclosed security flaws.","solution":"The vulnerability was resolved in PraisonAI version 4.6.34. Organizations should update their deployments as soon as possible.","labels":["security"],"sourceUrl":"https://www.securityweek.com/hackers-targeted-praisonai-vulnerability-hours-after-disclosure/","publishedAt":"2026-05-14T09:45:53.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PraisonAI","Anthropic","OpenAI","AWS Bedrock"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-14T09:45:53.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}