PraisonAI API Server Vulnerability Exposes AI Workflows to Unauthorized Access
A critical security flaw in PraisonAI a legacy Flask-based API server component (src/praisonai/api_server.py) was discovered with authentication disabled by default, leaving AI agent workflows exposed to unauthorized access. The vulnerability affects versions 2.5.6 to 4.6.33 and was patched in version 4.6.34.
Security experts, including Trey Ford of Bugcrowd, warned that the misconfiguration a known anti-pattern in development-grade APIs could allow attackers to interact with workflows if the server was network-accessible. The risk was compounded for organizations that deployed AI agents without auditing authentication defaults, network bindings, or credential exposure in configuration files.
Sysdig reported that a GitHub advisory was published at 13:56 UTC on May 11, with probing activity detected just hours later at 17:40 UTC. The flaw stemmed from the API server’s design, which permitted unrestricted access to agent workflows without requiring valid authentication tokens. The incident underscores the growing security risks of rapidly adopted AI infrastructure lacking proper hardening.
Praison AI cybersecurity rating report: https://www.rankiteo.com/company/praisonai
"id": "PRA1778761455",
"linkid": "praisonai",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Artificial Intelligence',
'name': 'PraisonAI',
'type': 'Company'}],
'attack_vector': 'Network-accessible API server',
'date_detected': '2024-05-11T17:40:00Z',
'date_publicly_disclosed': '2024-05-11T13:56:00Z',
'description': "A critical security flaw in PraisonAI's legacy Flask-based "
'API server component (src/praisonai/api_server.py) was '
'discovered with authentication disabled by default, leaving '
'AI agent workflows exposed to unauthorized access. The '
'vulnerability affects versions 2.5.6 to 4.6.33 and was '
'patched in version 4.6.34. Security experts warned that the '
'misconfiguration could allow attackers to interact with '
'workflows if the server was network-accessible.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'security misconfiguration',
'operational_impact': 'Unauthorized access to AI workflows',
'systems_affected': 'AI agent workflows'},
'lessons_learned': 'The incident underscores the growing security risks of '
'rapidly adopted AI infrastructure lacking proper '
'hardening, including auditing authentication defaults, '
'network bindings, and credential exposure in '
'configuration files.',
'post_incident_analysis': {'corrective_actions': 'Patch released in version '
'4.6.34 to enforce '
'authentication',
'root_causes': 'Authentication disabled by default '
'in legacy Flask-based API server'},
'recommendations': 'Organizations should enable authentication, audit '
'configuration defaults, and ensure proper network '
'security measures for AI infrastructure.',
'references': [{'date_accessed': '2024-05-11', 'source': 'GitHub Advisory'},
{'date_accessed': '2024-05-11', 'source': 'Sysdig Report'}],
'response': {'communication_strategy': 'GitHub advisory published',
'containment_measures': 'Patch released in version 4.6.34',
'remediation_measures': 'Enable authentication and audit '
'configuration defaults'},
'title': 'PraisonAI API Server Vulnerability Exposes AI Workflows to '
'Unauthorized Access',
'type': 'Misconfiguration',
'vulnerability_exploited': 'Authentication disabled by default in Flask-based '
'API server'}