Flask API Server Vulnerability in PraisonAI from Multi-Agent Teams System
CVE-2026-44338

7.3 HIGH

Key Information:

CVE Published: 8 May 2026

Badges

Score: 626 | Exploit Exists | Public PoC | News Worthy

What is CVE-2026-44338?

CVE-2026-44338 is a significant vulnerability in the PraisonAI platform, a multi-agent teams system developed by Mervinpraison. It affects versions from 2.5.6 up to but not including 4.6.34, in which a legacy Flask API server ships with authentication disabled by default. Because no token is required, any attacker who can reach the server can call endpoints such as /agents and /chat directly. This weakness in the API's default configuration opens the door to unauthorized access to, and manipulation of, the system's workflow. Given that PraisonAI can host sensitive collaborative operations among teams, the vulnerability could lead to severe organizational risks, including data leaks and unauthorized command execution.
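The root cause described above is a default that fails open. The following added example (not PraisonAI's code; the settings names, environment variables and hook wiring are assumptions) shows the corrected pattern for a Flask-style API: a token gate on the /agents and /chat prefixes that is on unless an operator explicitly disables it, and that refuses to serve rather than falling open when no token is configured.

```python
# Added illustrative example; not PraisonAI code. Names below are assumptions.
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

PROTECTED_PREFIXES = ("/agents", "/chat")  # endpoints named in the advisory


@dataclass(frozen=True)
class AuthSettings:
    api_token: Optional[str] = None
    auth_enabled: bool = True  # secure default: on unless explicitly disabled


def check_request(path: str, auth_header: Optional[str], settings: AuthSettings) -> Tuple[int, str]:
    """Return (HTTP status, reason). 200 means the auth gate lets the request through.
    The vulnerable setup is AuthSettings(auth_enabled=False): protected paths then
    pass regardless of the Authorization header."""
    if not any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES):
        return 200, "unprotected path"
    if not settings.auth_enabled:
        return 200, "auth disabled (vulnerable configuration)"
    if not settings.api_token:
        return 503, "no API token configured"  # fail closed, never fall open
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, "missing bearer token"
    presented = auth_header[len("Bearer "):]
    if not hmac.compare_digest(presented.encode(), settings.api_token.encode()):
        return 403, "bad token"
    return 200, "ok"


def settings_from_env(env=None) -> AuthSettings:
    """Operator must opt OUT explicitly; an unset variable keeps auth on (assumed names)."""
    env = os.environ if env is None else env
    disabled = env.get("API_AUTH_DISABLED", "").lower() in ("1", "true", "yes")
    return AuthSettings(api_token=env.get("API_TOKEN"), auth_enabled=not disabled)


def make_app(settings: AuthSettings):
    """Wire the gate into Flask as a before_request hook (Flask imported here so
    check_request stays testable without it)."""
    from flask import Flask, abort, request
    app = Flask(__name__)

    @app.before_request
    def gate():
        status, reason = check_request(request.path, request.headers.get("Authorization"), settings)
        if status != 200:
            abort(status, reason)

    return app
```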

Potential impact of CVE-2026-44338

  1. Unauthorized Access: The vulnerability allows attackers to access sensitive functionalities of the PraisonAI system without proper authentication, enabling them to interact with and manipulate underlying processes or data flows.

  2. Data Breach Risks: Exploitation could result in unauthorized retrieval of sensitive data stored within the system, leading to potential data leaks and breaches that could compromise organizational integrity and confidentiality.

  3. Operational Disruption: By triggering configured workflows through compromised endpoints, an attacker could disrupt essential services, causing downtime or mismanagement of critical tasks among multi-agent teams, ultimately harming productivity and service delivery.

Affected Version(s)

PraisonAI >= 2.5.6, < 4.6.34

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

PraisonAI auth bypass exposed /agents after May 11 disclosure, enabling exploit checks within 3h44m.

2 days ago

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

Hackers started exploiting an authentication bypass in PraisonAI less than four hours after the vulnerability was publicly disclosed.

2 days ago

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Public PoC available

  • Exploit known to exist

  • First article discovered by Securityweek

  • Vulnerability published

  • Vulnerability Reserved