A newly discovered security vulnerability in PraisonAI is being actively targeted by attackers only a few hours after becoming public. The flaw, identified as CVE-2026-44338, is an authentication bypass vulnerability that allows unauthorized users to access protected AI agent functions without logging in. Security researchers said the incident highlights how quickly cybercriminals now react to newly disclosed vulnerabilities. The issue has raised serious concerns among cybersecurity experts and organizations using AI-based platforms.

PraisonAI is an open-source AI framework used for building and managing AI agents and workflows. According to researchers, the vulnerability affects PraisonAI versions 2.5.6 through 4.6.33. The company has fixed the issue in version 4.6.34 and users are strongly advised to update immediately. Experts warned that systems running older versions may remain exposed to unauthorized access and misuse. Organizations using public-facing AI services are considered at higher risk if the patch is not applied quickly.

Researchers from cloud security company Sysdig reported that attack-related scanning activity started less than four hours after the vulnerability was publicly disclosed. The first suspicious requests were reportedly detected around 3 hours and 44 minutes after the advisory became available online. This shows how attackers continuously monitor newly published security flaws and quickly begin searching for vulnerable systems. Security analysts say this rapid activity has become increasingly common in recent years.

The attack attempts mainly focused on the /agents endpoint used by PraisonAI services. Researchers observed scans coming from an IP address using the identifier “CVE-Detector/1.0,” which appeared to be checking whether systems were vulnerable. According to experts, the scanning activity was designed to identify internet-exposed servers running the affected versions. The rapid targeting of the flaw demonstrates how automated tools are now widely used by attackers to detect weaknesses.

Researchers explained that the vulnerability exists because a legacy Flask API server inside PraisonAI had authentication disabled by default. Insecure settings such as AUTH_ENABLED = False and AUTH_TOKEN = None were reportedly hardcoded inside the application. Due to these settings, requests to protected API endpoints could bypass security checks completely. This created a situation where unauthorized users could access sensitive functions without providing credentials or authentication tokens.

Security experts warned that attackers may be able to access AI agent configurations, trigger workflows, and consume AI model resources without permission. The exact impact depends on how the server is configured and what permissions are assigned to the AI agents. Researchers said organizations exposing these services publicly could face serious risks if the vulnerability remains unpatched. Improperly secured AI systems may also lead to misuse of connected resources and sensitive operational data.

Two vulnerable API endpoints were specifically identified during the investigation. The GET /agents endpoint could expose configured AI agent information, while the POST /chat endpoint could allow unauthorized execution of AI workflows. Researchers stated that they did not yet observe attackers fully exploiting the /chat endpoint for advanced attacks. However, the ongoing reconnaissance activity clearly showed that threat actors were actively searching for accessible vulnerable servers.

Cybersecurity experts believe this incident reflects a growing trend where attackers weaponize vulnerabilities almost immediately after disclosure. Researchers explained that automation and AI-assisted attack methods now allow threat actors to reverse-engineer flaws and launch internet-wide scans within hours. Security professionals recommend updating PraisonAI to version 4.6.34 immediately and reviewing logs for suspicious requests targeting affected endpoints. Experts also advised organizations to limit unnecessary public exposure of AI services and monitor systems carefully for unusual activity.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news