PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
PraisonAI web UI CVE-2026-44338 (CVSS 9.8) auth bypass on /chat endpoint exploited within hours. Attackers swapped the OpenAI base URL to exfiltrate prompts and responses. Patch to 2.6.2.
What’s new: A critical vulnerability identified as CVE-2026-44338, with a CVSS score of 9.8, has been disclosed in PraisonAI’s web UI. The flaw lets attackers bypass authentication on the /chat endpoint and invoke high-privileged tools without any credentials. It was actively exploited within hours of disclosure: attackers attempted to alter the OpenAI base URL so that prompts and responses would be routed to a server they controlled, exfiltrating sensitive data.
Who’s affected
Users of PraisonAI’s web UI prior to version 2.6.2 are at significant risk. The vulnerability is exploitable remotely and needs no credentials, so any instance whose UI is reachable from the public internet is exposed, which is common given Docker default configurations.
What to do
- Immediately upgrade PraisonAI to version 2.6.2; this is the only fix for the authentication bypass itself.
- If running the UI behind a load balancer or reverse proxy, ensure that the proxy enforces authentication for every path, including /chat, rather than relying on the application.
- Audit logs and configuration for unintended tool executions or unusual configuration changes (in particular a modified OpenAI base URL) that may have occurred since the vulnerability was disclosed.
- Block public access to PraisonAI deployments and place authenticated reverse proxies in front of them.
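The audit steps above, as an added defender-side example (this is example code, not part of the advisory or of the PraisonAI project): it checks an installed version against 2.6.2, verifies that the OpenAI base URL still points at the expected host, and flags successful /chat requests from non-internal source addresses in constructed access-log lines. The assumptions are that the package is named `praisonai`, that PraisonAI honours the OpenAI SDK's `OPENAI_BASE_URL` variable, and that the proxy writes Common Log Format lines.

```python
# Added audit helpers for the PraisonAI CVE-2026-44338 advisory (example, not project code).
# Assumed: package "praisonai", OPENAI_BASE_URL env var, Common Log Format access logs.
import ipaddress
import re
from urllib.parse import urlparse

PATCHED = (2, 6, 2)                      # first fixed release named in the advisory
ALLOWED_LLM_HOSTS = {"api.openai.com"}   # prompts may only be sent to these hosts
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+)[^"]*" (\d{3})')

SAMPLE_LOG = [  # constructed sample lines; 203.0.113.0/24 is a documentation range
    '203.0.113.7 - - [01/Jan/2026:10:01:22 +0000] "POST /chat HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2026:10:02:01 +0000] "POST /chat HTTP/1.1" 200 498',
]

def is_patched(version: str) -> bool:
    """True when the installed PraisonAI version is at least 2.6.2."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) >= PATCHED

def base_url_is_trusted(url) -> bool:
    """Unset means the SDK default; anything else must be HTTPS to an allowed host."""
    if not url:
        return True
    p = urlparse(url)
    return p.scheme == "https" and (p.hostname or "").lower() in ALLOWED_LLM_HOSTS

def public_chat_hits(log_lines):
    """(src_ip, method, path) for successful /chat requests from non-internal addresses."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        external = not any(addr in net for net in INTERNAL_NETS)
        if external and path.split("?")[0].rstrip("/").endswith("/chat") and status[0] == "2":
            hits.append((ip, method, path))
    return hits

def audit(version: str, env: dict, log_lines) -> list:
    """Collect findings for the three checks recommended in the advisory."""
    findings = []
    if not is_patched(version):
        findings.append(f"praisonai {version} is below 2.6.2: upgrade")
    if not base_url_is_trusted(env.get("OPENAI_BASE_URL")):
        findings.append(f"OPENAI_BASE_URL outside allowlist: {env['OPENAI_BASE_URL']}")
    for ip, method, path in public_chat_hits(log_lines):
        findings.append(f"{method} {path} reached from external {ip}: review tool executions")
    return findings
```

Run `audit("2.6.1", {"OPENAI_BASE_URL": "https://203.0.113.9/v1"}, SAMPLE_LOG)` to see all three finding types at once.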