CVE-2026-47393
Published 2026-05-29
Severity: High (CVSS 7.3)
PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
### Summary
CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart (`praisonai deploy --type api`) get a server that:
- binds to `0.0.0.0` per the recommended sample YAML
- exposes `/chat` and `/agents` endpoints
- runs `praisonai.run()` on user-supplied JSON input — LLM orchestration with the API key materials present in the process environment
- does not require any authentication
The PyPI wheel `praisonai==4.6.33` (`@latest` when the advisory was written) still ships the generator with `auth_enabled` defaulting to `False`. Authentication is strictly opt-in: a user must pass `APIConfig(auth_enabled=True, auth_token=...)` to get it.
### Details
**Anchor (file:line:symbol)**
- Vulnerable artifact: `praisonai==4.6.33` on PyPI.
- Defaults: `praisonai/deploy/models.py:29` — `auth_enabled: bool = Field(default=False, ...)`; `praisonai/deploy/models.py:30` — `auth_token: Optional[str] = Field(default=None, ...)`.
- Generator: `praisonai/deploy/api.py:40` — `AUTH_ENABLED = {config.auth_enabled}`; `api.py:41` — `AUTH_TOKEN = {repr(config.auth_token)}`; `api.py:43-49` — `def check_auth(): if not AUTH_ENABLED: return True`.
- CLI entry: documented as `praisonai deploy --type api` (vendor README); produces the generator output above. No flag is needed to suppress a warning, because no warning is emitted.
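The auth gate described in the anchors above, reduced to its logic and set beside a hardened form, as an added example. This is not PraisonAI's code: the `APIConfig` dataclass only mirrors the defaults the advisory names, and `check_auth_hardened`, `audit_config` and `hardened_config` are hypothetical functions written here to show what the generator should have emitted and what a pre-deploy check of the quickstart YAML (`host: 0.0.0.0`, auth disabled) would flag.

```python
"""Added example (not PraisonAI's code): the generated server's auth gate as
the advisory describes it, a fail-closed version, and a pre-deploy audit."""
import hmac
import ipaddress
import secrets
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class APIConfig:
    """Stand-in for the pydantic model on the page; defaults follow the
    advisory's anchors (assumed: plain dataclass instead of pydantic)."""
    host: str = "127.0.0.1"
    port: int = 8005
    cors_enabled: bool = True
    auth_enabled: bool = False   # the insecure default the advisory reports
    auth_token: Optional[str] = None


def check_auth_vulnerable(config: APIConfig, authorization: Optional[str]) -> bool:
    """Logic of the generated check_auth() quoted in Details: when
    AUTH_ENABLED is False every request is accepted."""
    if not config.auth_enabled:
        return True
    return authorization == f"Bearer {config.auth_token}"


def check_auth_hardened(config: APIConfig, authorization: Optional[str]) -> bool:
    """Fail closed: disabled auth or a missing token means no access, and the
    presented token is compared in constant time."""
    if not config.auth_enabled or not config.auth_token:
        return False
    if not authorization or not authorization.startswith("Bearer "):
        return False
    presented = authorization[len("Bearer "):]
    return hmac.compare_digest(presented.encode(), config.auth_token.encode())


def audit_config(config: APIConfig) -> List[str]:
    """Findings a generator should refuse to emit code for. Flags the exact
    combination the quickstart produces: non-loopback bind plus no auth."""
    findings = []
    try:
        loopback = ipaddress.ip_address(config.host).is_loopback
    except ValueError:
        loopback = config.host == "localhost"
    if not config.auth_enabled:
        findings.append("auth_enabled=False: /chat and /agents accept anonymous requests")
        if not loopback:
            findings.append(
                f"host={config.host} is not loopback: the unauthenticated server is network-reachable")
    elif not config.auth_token or len(config.auth_token) < 32:
        findings.append("auth_enabled=True but auth_token is missing or shorter than 32 characters")
    return findings


def hardened_config(host: str = "127.0.0.1", port: int = 8005) -> APIConfig:
    """The opt-in fix from the Summary (auth_enabled=True, auth_token=...),
    with a random token generated instead of left as None."""
    return APIConfig(host=host, port=port, auth_enabled=True,
                     auth_token=secrets.token_urlsafe(32))


if __name__ == "__main__":
    # Constructed input: the sample YAML from the quickstart binds to 0.0.0.0.
    quickstart = APIConfig(host="0.0.0.0")
    for finding in audit_config(quickstart):
        print("FINDING:", finding)
    print("anonymous /chat accepted by generated gate:",
          check_auth_vulnerable(quickstart, None))
    print("anonymous /chat accepted by hardened gate:",
          check_auth_hardened(quickstart, None))
    print("hardened config findings:", audit_config(hardened_config("0.0.0.0")))
```

Run as a script it prints the two findings for the quickstart configuration; the audit function is the piece worth wiring into a CI gate in front of `praisonai deploy`, since the generated server itself emits no warning.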
**Vulnerable code (from installed wheel; imports added for a runnable listing, which the page cuts off after the `auth_token` field)**
```python
# praisonai/deploy/models.py (praisonai==4.6.33)
from typing import Optional

from pydantic import BaseModel, Field


class APIConfig(BaseModel):
    host: str = Field(default="127.0.0.1", description="Server host")
    port: int = Field(default=8005, description="Server port")
    cors_enabled: bool = Field(default=True, description="Enable CORS")
    auth_enabled: bool = Field(default=False, description="Enable authentication")  # line 29
    auth_token: Optional[str] = Field(default=None)  # line 30; description argument elided on the page
```
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mervinpraison | praisonai | >= 0 < 4.6.40 | 4.6.40 |
VulDB
MervinPraison PraisonAI up to 4.6.37 Flask Server missing authentication
vuldb·2026-05-30
CVE-2026-47393 [CRITICAL] MervinPraison PraisonAI up to 4.6.37 Flask Server missing authentication
A vulnerability classified as critical has been found in MervinPraison PraisonAI. Affected by this issue is some unknown functionality of the component Flask Server. Performing a manipulation results in missing authentication.
This vulnerability is identified as CVE-2026-47393. The attack can be initiated remotely. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
ghsa·2026-05-29·CVSS 7.3
CVE-2026-47393 [HIGH] CWE-1188 PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.