
PraisonAI vulnerability gets scanned within 4 hours of disclosure

The bug involves a legacy Flask-based API server component, “src/praisonai/api_server.py”, in PraisonAI that shipped with authentication disabled by default. The issue affects versions 2.5.6 to 4.6.33 and has been fixed in version 4.6.34.

“Authentication disabled by default in a development-grade API server is a recognized anti-pattern, and its blast radius is bounded by whatever permissions the operator gave the agent workflow,” said Trey Ford, chief strategy and trust officer at Bugcrowd. “Any group that accelerated AI agent adoption without auditing community binding, authentication defaults, and credential publicity in agent configuration files now faces danger it seemingly hasn’t quantified.”

Sysdig said a GitHub advisory was published around 13:56 UTC on May 11, and probing started at 17:40 UTC.

Authentication was disabled by default

Sysdig said the vulnerable component was a PraisonAI legacy API server, where authentication protections had been effectively disabled by design. The researchers noted that any reachable caller could interact with agent workflows without valid tokens.
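
For inventory triage against the affected range given above (2.5.6 to 4.6.33, fixed in 4.6.34), the following is an added example, not code from PraisonAI or Sysdig. It classifies requirements-style lines; the `classify` and `audit` helpers and the sample lines are constructed for illustration, and anything not pinned to an exact three-part version is flagged for manual review.

```python
import re

# Affected range as stated in the article: 2.5.6 through 4.6.33 (fixed in 4.6.34).
FIRST_AFFECTED = (2, 5, 6)
LAST_AFFECTED = (4, 6, 33)

# Exact pins such as "praisonai==4.6.33" or "PraisonAI[api] == 2.5.6  # note".
PIN = re.compile(
    r"^\s*praisonai(?:\[[^\]]*\])?\s*==\s*(\d+)\.(\d+)\.(\d+)\s*(?:#.*)?$",
    re.IGNORECASE,
)

def classify(line):
    """Return 'affected', 'not-affected', 'unpinned', or None for other packages."""
    # Package name is everything before the first specifier, extra, marker or comment.
    name = re.split(r"[=<>!~\[;\s#]", line.strip(), maxsplit=1)[0]
    if name.lower() != "praisonai":
        return None  # different package (e.g. praisonaiagents), blank line, comment
    m = PIN.match(line)
    if not m:
        return "unpinned"  # range specifier or unusual version: review by hand
    version = tuple(int(part) for part in m.groups())
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    return "not-affected"

def audit(lines):
    """Return (line, verdict) pairs for every line that names praisonai."""
    results = []
    for line in lines:
        verdict = classify(line)
        if verdict is not None:
            results.append((line.strip(), verdict))
    return results

# Constructed sample input, in the shape of `pip freeze` / requirements.txt.
SAMPLE = [
    "flask==3.0.0",
    "praisonai==4.6.33",
    "praisonai==4.6.34",
    "praisonai>=2.5",
    "praisonaiagents==1.0.0",
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"{verdict:13} {line}")
```

A version match only shows the vulnerable code is installed; whether the legacy API server is actually running and reachable still has to be checked on the host.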
