Skip to main content

Tag: cve 2026 44338

1 article

Networked computer system with API server setup and blurred laptop screen.

Threat Actors Exploit PraisonAI Auth Bypass Within Hours of Disclosure

Within hours of a security flaw being disclosed, threat actors were exploiting it - a stark reminder of the risks of a legacy Flask API server that ships with authentication disabled by default. This gaping hole allowed attackers to access sensitive endpoints and trigger workflows without a token, putting systems at risk.

Analyst 207