{"data":{"id":"3b21c559-b9a4-4a5d-a91e-3d7360e5fe64","title":"PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure","summary":"PraisonAI, an open-source framework for building multi-agent AI systems, has a critical authentication bypass vulnerability (CVE-2026-44338, severity rating 7.3 out of 10) in which its default API server ships with authentication disabled, allowing anyone to access protected endpoints and trigger workflows without permission. Threat actors began exploiting this vulnerability within hours of its public disclosure, scanning internet-exposed instances to confirm they could access the vulnerable endpoints.","solution":"The vulnerability has been patched in version 4.6.34. Additionally, users are advised to apply the latest fixes as soon as possible, audit existing deployments, review model provider billing for suspicious activity, and rotate credentials referenced in 'agents.yaml'.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html","publishedAt":"2026-05-14T11:40:14.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-14T11:40:14.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}