Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
Summary
PraisonAI, a framework for deploying autonomous AI agents, had a critical authentication bypass vulnerability (CVE-2026-44338) in versions 2.5.6 to 4.6.33: a legacy Flask API server shipped with authentication disabled by default, allowing unauthenticated attackers to access agent configurations and trigger workflows. Hackers began scanning for and testing this vulnerability less than four hours after its public disclosure, demonstrating how quickly AI tools are enabling exploitation of newly disclosed security flaws.
Solution / Mitigation
The vulnerability was resolved in PraisonAI version 4.6.34. Organizations should update their deployments as soon as possible.
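One way to check pinned requirement lines against the affected range stated above. This is an added example, not code from the original article or the PraisonAI project. It assumes the distribution name normalizes to `praisonai` and that versions are plain dotted numbers; the sample lines are constructed.

```python
import re

# Range stated on the page: 2.5.6 through 4.6.33 affected, fixed in 4.6.34.
FIRST_AFFECTED = (2, 5, 6)
FIRST_FIXED = (4, 6, 34)
PACKAGE = "praisonai"  # assumption: normalized distribution name

# Name, optional [extras], then an exact "==" pin with a plain numeric version.
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)\s*(?:[;#].*)?$")
NAME = re.compile(r"^\s*([A-Za-z0-9._-]+)")

def normalize(name):
    """PEP 503 style normalization: case-insensitive, runs of -_. are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Turn '4.6' into (4, 6, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(line):
    """Return 'affected', 'fixed', 'older', 'unpinned', or None if not PraisonAI."""
    m = NAME.match(line)
    if not m or normalize(m.group(1)) != PACKAGE:
        return None
    pin = PIN.match(line)
    if not pin:
        return "unpinned"  # range or bare name: check the installed version instead
    version = parse_version(pin.group(2))
    if version >= FIRST_FIXED:
        return "fixed"
    if version >= FIRST_AFFECTED:
        return "affected"
    return "older"  # below the affected range stated on the page

def audit(lines):
    """Map each PraisonAI requirement line to its classification."""
    return {l.strip(): c for l in lines if (c := classify(l)) is not None}

# Constructed sample requirement lines, not taken from any real deployment.
SAMPLE = ["flask==3.0.0", "praisonai==4.6.33",
          "PraisonAI[ui]==4.6.34", "praisonai==2.5.5",
          "praisonai>=2.5.6", "praisonai==4.10.0  # numeric, not string, compare"]

if __name__ == "__main__":
    for line, status in audit(SAMPLE).items():
        print(f"{status:9} {line}")
```

Lines reported as `unpinned` need the resolved version from the running environment, since a range such as `>=2.5.6` can still install an affected release.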
Original source: https://www.securityweek.com/hackers-targeted-praisonai-vulnerability-hours-after-disclosure/
First tracked: May 14, 2026 at 08:00 AM