Flask API Server Vulnerability in PraisonAI from Multi-Agent Teams System
CVE-2026-44338
Key Information:
- Vendor
Mervinpraison
- Status
- Vendor
- CVE Published:
- 8 May 2026
Badges
What is CVE-2026-44338?
CVE-2026-44338 is a significant vulnerability found in the PraisonAI platform, a multi-agent teams system developed by Mervinpraison. This vulnerability specifically affects versions from 2.5.6 up to but not including 4.6.34, where a legacy Flask API server is shipped with authentication disabled by default. The lack of authentication allows any attacker capable of reaching the server to exploit endpoints such as /agents and /chat without the need for a security token. This inherent weakness in the API design potentially opens the doors to unauthorized access and manipulation of the system’s workflow. Given that PraisonAI can host sensitive collaborative operations among teams, this vulnerability could lead to severe organizational risks, including data leaks and unauthorized command execution.
Potential impact of CVE-2026-44338
-
Unauthorized Access: The vulnerability allows attackers to access sensitive functionalities of the PraisonAI system without proper authentication, enabling them to interact with and manipulate underlying processes or data flows.
-
Data Breach Risks: Exploitation could result in unauthorized retrieval of sensitive data stored within the system, leading to potential data leaks and breaches that could compromise organizational integrity and confidentiality.
-
Operational Disruption: By triggering configured workflows through compromised endpoints, an attacker could disrupt essential services, causing downtime or mismanagement of critical tasks among multi-agent teams, ultimately harming productivity and service delivery.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
PraisonAI >= 2.5.6, < 4.6.34
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public - IT Security News
A high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public disclosure. The flaw, tracked as CVE-2026-44338 and documented in the GitHub advisory GHSA-6rmh-7xcm-cpxj, exposes a critical authentication bypass ...
CloakHQ's Open-Source Chromium Fork Defeats Cloudflare, DataDome, and PerimeterX Without Configuration
Security researchers at Sysdig recorded the first exploitation attempt against CVE-2026-44338 — a missing-authentication flaw in the open-source PraisonAI multi-agent framework — just three hours, 44
References
EPSS Score
26% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by Securityweek
Vulnerability published
Vulnerability Reserved
