VIR Vulnerability Intelligence Relay

CVE-2026-44338

high
Published 2026-05-11 · Modified 2026-05-11
CVSS v3
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS v2
VIR risk
7.3

Description

PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

Predictions

Exploit likelihood
82%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security-advisories@github.com — https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6rmh-7xcm-cpxj

Package impact
EcosystemPackageVulnerableFixed
python PyPIpraisonai>=2.5.6,<4.6.344.6.34
PIPPraisonAI>= 2.5.6, <= 4.6.334.6.34

Application impact
VendorProductVersionsFixed
praisonpraisonai{"startIncluding":"2.5.6","endExcluding":"4.6.34"}4.6.34

References

CWEs

CWE-306 CWE-668 CWE-1188

Verify integrity in audit chain (admin only). AS-IS.