Exploitation started within hours of disclosure of PraisonAI’s authentication bypass vulnerability, tracked as CVE-2026-44338, with first attempts observed less than four hours after the public disclosure. According to Sysdig, PraisonAI versions 2.5.6 to 4.6.33 shipped with a legacy Flask API server that had authentication disabled by default, enabling access to the /agents endpoint and the ability to trigger the agents[.]yaml workflow via /chat without a token.
The security firm notes that a scanner identifying itself as CVE-Detector/1.0 probed the exposed endpoint within three hours and 44 minutes of the advisory going public, performing two passes that produced roughly 70 requests in about 50 seconds. The activity appeared to be reconnaissance rather than interactive exploitation, targeting only /agents and not /chat. PraisonAI has since been patched to version 4.6.34, and organisations are urged to update deployments promptly to mitigate rapid exploitation risks.
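As an added example (not Sysdig's or PraisonAI's own tooling), the following script shows how a defender could sweep web-server access logs for the probing pattern described above: hits on /agents or /chat carrying the CVE-Detector/1.0 user agent, or a short burst of requests to those endpoints from one source. The log lines, IP addresses and timestamps are constructed for illustration; the combined log format and the burst thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample access-log lines (combined log format) modelled on the
# behaviour reported in the advisory: a scanner identifying itself as
# CVE-Detector/1.0 hitting /agents repeatedly within seconds. IPs are
# documentation-range placeholders, not real indicators.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:14:02:11 +0000] "GET /agents HTTP/1.1" 200 512 "-" "CVE-Detector/1.0"
203.0.113.7 - - [10/Mar/2026:14:02:12 +0000] "GET /agents HTTP/1.1" 200 512 "-" "CVE-Detector/1.0"
203.0.113.7 - - [10/Mar/2026:14:02:13 +0000] "GET /agents HTTP/1.1" 200 512 "-" "CVE-Detector/1.0"
198.51.100.4 - - [10/Mar/2026:14:05:40 +0000] "GET /healthz HTTP/1.1" 200 17 "-" "kube-probe/1.29"
198.51.100.9 - - [10/Mar/2026:14:06:02 +0000] "POST /chat HTTP/1.1" 200 2048 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Endpoints the advisory names as reachable without a token on vulnerable builds.
SENSITIVE_PATHS = {"/agents", "/chat"}
SCANNER_UA = "CVE-Detector/1.0"  # user agent reported by Sysdig

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def detect(log_text, burst_count=3, burst_window_s=60):
    """Return {ip: sorted list of reasons} for sources touching the sensitive endpoints."""
    reasons = defaultdict(set)
    hits = defaultdict(list)  # ip -> timestamps of sensitive-endpoint requests
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec or rec["path"].split("?", 1)[0] not in SENSITIVE_PATHS:
            continue
        hits[rec["ip"]].append(rec["ts"])
        if rec["ua"] == SCANNER_UA:
            reasons[rec["ip"]].add(f"scanner user-agent {SCANNER_UA} on {rec['path']}")
    for ip, stamps in hits.items():
        stamps.sort()
        # Sliding window: burst_count requests inside burst_window_s seconds.
        for i in range(len(stamps) - burst_count + 1):
            if (stamps[i + burst_count - 1] - stamps[i]).total_seconds() <= burst_window_s:
                reasons[ip].add(f"burst: {burst_count}+ sensitive requests within {burst_window_s}s")
                break
    return {ip: sorted(r) for ip, r in reasons.items()}
```

A single legitimate POST to /chat (as from 198.51.100.9 above) produces no finding; the scanner source is flagged both for its user agent and for the burst.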