{"vulnerability": "cve-2026-4433", "sightings": [{"uuid": "dd83b8db-a6f0-43cb-adc2-0d3032863005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4433", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhtmjja5tt2i", "content": "", "creation_timestamp": "2026-03-24T22:24:56.571217Z"}, {"uuid": "79af2063-b2ab-4dd8-88f8-abd7053ea78f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44331", "type": "seen", "source": "https://t.me/bdufstecru/3141", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 sqltab_fetch_clients_cb() FTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 ProFTPD \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0437\u0430\u043f\u0440\u043e\u0441\u0430 SQL. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 SQL-\u043a\u043e\u043c\u0430\u043d\u0434\u044b\n\nBDU:2026-06340\nCVE-2026-44331\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/NixOS/nixpkgs/pull/517211", "creation_timestamp": "2026-05-08T13:55:53.000000Z"}, {"uuid": "11201790-68d5-4e9c-a612-4734ae2627bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44331", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mlbfowdksi2g", "content": "proftpd: patch CVE-2026-44331\n\nhttps://github.com/NixOS/nixpkgs/pull/517211\n\nhttps://tracker.security.nixos.org/issues/NIXPKGS-2026-1407\n\n#security", "creation_timestamp": "2026-05-07T14:15:33.309859Z"}, {"uuid": "73ae9b8b-2403-44cc-8c3d-6b99a4f4b8e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44331", "type": "seen", "source": "https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3mlbjbgxhk72l", "content": "[Backport release-25.11] proftpd: patch CVE-2026-44331\n\nhttps://github.com/NixOS/nixpkgs/pull/517683\n\n#security", "creation_timestamp": "2026-05-07T15:19:35.637684Z"}, {"uuid": "cc86977d-af0d-47c3-8279-6e4ef9e234ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44337", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlebpa6xin2k", "content": "CVE-2026-44337 - PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries\nCVE ID : CVE-2026-44337\n \n Published : May 8, 2026, 2:16 p.m. | 26\u00a0minutes ago\n \n Description : PraisonAI is a multi-agent teams system. From version 2.4.1 to ...", "creation_timestamp": "2026-05-08T17:42:07.655707Z"}, {"uuid": "9cd5a28e-991c-4133-ba4a-138ef4949290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleby6owc52o", "content": "CVE-2026-44338 - PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution\nCVE ID : CVE-2026-44338\n \n Published : May 8, 2026, 2:16 p.m. | 26\u00a0minutes ago\n \n Description : PraisonAI is a multi-agent te...", "creation_timestamp": "2026-05-08T17:47:08.020744Z"}, {"uuid": "0e2ab476-b1f9-46a2-94d2-944d240806b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4433", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mhvcqq6ubg2b", "content": "", "creation_timestamp": "2026-03-25T14:35:20.967415Z"}, {"uuid": "6c9da983-a640-4396-b1a0-56cd306f8eb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44331", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ml52qhxja22n", "content": "CVE-2026-44331 - ProFTPD SQL Injection Vulnerability\nCVE ID : CVE-2026-44331\n \n Published : May 5, 2026, 7:41 p.m. | 40\u00a0minutes ago\n \n Description : In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c ...", "creation_timestamp": "2026-05-05T20:48:54.816850Z"}, {"uuid": "d897d657-ebb3-4cd2-8e8d-48584adf56cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44331", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3ml4z4tbpat2g", "content": "\ud83d\udfe0 CVE-2026-44331 - High (8.1)\n\nIn ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44331/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-05T20:20:02.615332Z"}, {"uuid": "93f84c07-9eb1-4079-a359-f0800e2efaff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44331", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevata-vulnerabilita-in-proftpd-poc-pubblico-per-lo-sfruttamento-della-cve-2026-44331", "content": "Disponibile un Proof of Concept (PoC) per la CVE-2026-44331 - gi\u00e0 sanata dal vendor - presente nel software ProFTPD, noto server FTP open source. Tale vulnerabilit\u00e0, qualora sfruttata, potrebbe consentire ad un utente malintenzionato l'elusione dei meccanismi di sicurezza sui sistemi interessati.", "creation_timestamp": "2026-05-06T07:49:10.000000Z"}, {"uuid": "4dbc33c9-8e81-47a5-b376-f7f7d60b0b64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44339", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mle7rnihnv2h", "content": "CVE-2026-44339 - PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute\nCVE ID : CVE-2026-44339\n \n Published : May 8, 2026, 2:16 p.m. | 26\u00a0minutes ago\n \n Description : PraisonAI is a multi-agent teams system. Prior to...", "creation_timestamp": "2026-05-08T17:07:41.077238Z"}, {"uuid": "853b3b00-ab60-4534-9609-e2b2f5dcd0b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44339", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlex7odb7y2q", "content": "\ud83d\udccc CVE-2026-44339 - PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved too... https://www.cyberhub.blog/cves/CVE-2026-44339", "creation_timestamp": "2026-05-09T00:07:07.938208Z"}, {"uuid": "933f9f67-ec91-4135-817c-44cf5b60aa7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44334", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mleyvcbj5s2q", "content": "\ud83d\udccc CVE-2026-44334 - PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISON... https://www.cyberhub.blog/cves/CVE-2026-44334", "creation_timestamp": "2026-05-09T00:37:07.575188Z"}, {"uuid": "3b828cf4-f19f-4acc-9078-597bd0c414ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44334", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlealg3re52q", "content": "CVE-2026-44334 - PraisonAI: Unauthenticated RCE via `tool_override.py`\nCVE ID : CVE-2026-44334\n \n Published : May 8, 2026, 2:16 p.m. | 26\u00a0minutes ago\n \n Description : PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix g...", "creation_timestamp": "2026-05-08T17:22:06.094215Z"}, {"uuid": "8a0c1d26-6bf6-4304-99bc-33ecf607eee6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44335", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleb5d663i2p", "content": "CVE-2026-44335 - SSRF bypass in PraisonAI\nCVE ID : CVE-2026-44335\n \n Published : May 8, 2026, 2:16 p.m. | 26\u00a0minutes ago\n \n Description : PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypa...", "creation_timestamp": "2026-05-08T17:32:06.876172Z"}, {"uuid": "e9bdb0d1-dd5e-4843-b31d-6b2507f2668e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44336", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlebgbpbtw2v", "content": "CVE-2026-44336 - PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection\nCVE ID : CVE-2026-44336\n \n Published : May 8, 2026, 2:16 p.m. | 26\u00a0minutes ago\n \n Description : PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Mod...", "creation_timestamp": "2026-05-08T17:37:07.385715Z"}, {"uuid": "79efaa67-b975-4018-96e1-cdc50c28f350", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44334", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlecpdnlsj2z", "content": "\ud83d\udfe0 CVE-2026-44334 - High (8.4)\n\nPraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44334/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T18:00:05.977533Z"}, {"uuid": "e5a8aa35-8012-460f-97b5-7a2c8ebc889c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44339", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlecpl5z5z2z", "content": "\ud83d\udfe0 CVE-2026-44339 - High (8.6)\n\nPraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents ve...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44339/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T18:00:13.889727Z"}, {"uuid": "8622ec14-f880-4713-bbae-5f842915e767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "Telegram/9o3OraGU37j82BxrRlUk8vxx1PBgwrK7pwu6SZltlHYs9g", "content": "", "creation_timestamp": "2026-05-14T15:08:01.000000Z"}, {"uuid": "fb5480a9-0026-49f3-9291-1ee5d0975c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10387", "content": "PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure \u2013 thehackernews.com\n\nThu, 14 May 2026 19:40:14", "creation_timestamp": "2026-05-14T16:03:10.000000Z"}, {"uuid": "6e3c70c4-5c22-465f-a6d6-f4dc4eede496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mltebtcl552u", "content": "CVE-2026-44338\uff1a4\u6642\u9593\u4ee5\u4e0b\u306ePraisonAI\u8a8d\u8a3c\u56de\u907f\u3068\u6025\u901f\u306a\u60aa\u7528\u306e\u5897\u52a0\u50be\u5411\n\n\u8105\u5a01\u7814\u7a76\u30c7\u30a3\u30ec\u30af\u30bf\u30fc2026\u5e745\u670811\u65e5\u3001GitHub\u306f\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u30fcGHSA-6rmh-7xcm-cpxj\u3092\u516c\u958b\u3057\u3001CVE-2026-44338\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308bPraisonAI\uff08\u7d047,100\u306eGitHub\u30b9\u30bf\u30fc\u3092\u6301\u3064\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30de\u30eb\u30c1\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u30aa\u30fc\u30b1\u30b9\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\uff09\u5411\u3051\u306e\u8106\u5f31\u6027\u3092\u767a\u8868\u3057\u307e\u3057\u305f", "creation_timestamp": "2026-05-14T17:38:15.194985Z"}, {"uuid": "53d213d7-7baa-4a9a-b099-d79a7777d15b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44335", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlekvcmnq52g", "content": "\ud83d\udd34 CVE-2026-44335 - Critical (9.8)\n\nPraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in Prais...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44335/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T20:26:35.583621Z"}, {"uuid": "20f9fac3-c832-4860-b156-2e4e01f57616", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44336", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mlekvk3x6w2t", "content": "\ud83d\udd34 CVE-2026-44336 - Critical (9.6)\n\nPraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context ...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-44336/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-08T20:26:43.887240Z"}, {"uuid": "20013e69-861c-4681-b626-1f2528130ecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/cibsecurity/89367", "content": "\ud83d\udd8b\ufe0f PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure \ud83d\udd8b\ufe0f\n\nThreat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an opensource multiagent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE202644338 CVSS score 7.3, a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-05-14T12:15:15.000000Z"}, {"uuid": "d8d7c2ea-9dea-4a28-a985-0406551fd849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/ctinow/250278", "content": "PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure\nhttps://ift.tt/c7f1hdY", "creation_timestamp": "2026-05-14T12:09:14.000000Z"}, {"uuid": "90610955-18a8-4cf0-8715-3094b0fbface", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "exploited", "source": "https://t.me/thehackernews/9002", "content": "\ud83d\udea8 Threat actors targeted PraisonAI CVE-2026-44338, an authentication bypass vulnerability, within hours of disclosure.\n\nThe flaw affects versions 2.5.6\u20134.6.33 and can expose the /agents endpoint without authorization.\n\nRead the full report: https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html", "creation_timestamp": "2026-05-14T11:46:49.000000Z"}, {"uuid": "3c6512d3-0d2b-4b91-a267-c93c407fbdb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html", "content": "Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure.\nThe vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the", "creation_timestamp": "2026-05-14T09:40:14.000000Z"}, {"uuid": "f4f57ff6-49e5-456d-aad9-c1af14bd386c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mlsz6sz5gn2e", "content": "The disclosure-to-exploit window has collapsed. \u23f1\ufe0f A critical auth bypass in PraisonAI (CVE-2026-44338) was exploited by automated scanners in under 4 hours. A stark reminder to patch immediately. #CyberSecurity #Vulnerability #Automation #AI", "creation_timestamp": "2026-05-14T14:24:12.615407Z"}, {"uuid": "c51a7e91-366b-4a74-bd81-ad4153674404", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44338", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116573362917939504", "content": "\ud83d\udcf0 PraisonAI Auth Bypass (CVE-2026-44338) Exploited Within Four Hours of Disclosure\nThe disclosure-to-exploit window has collapsed. \u23f1\ufe0f A critical auth bypass in PraisonAI (CVE-2026-44338) was exploited by automated scanners in under 4 hours. A stark reminder to patch immediately. #CyberSecurity #Vulnerability #Automation #AI\n\ud83d\udd17 https://cyber.netsecops.io/articles/praisonai-auth-bypass-cve-2026-44338-exploited-within-hours-of-disclosure/?utm_source=mastodon&utm_medium=social&utm_campaign=daily", "creation_timestamp": "2026-05-14T14:26:30.980227Z"}, {"uuid": "4f00ea56-f4e8-45e3-b315-6a717dfa216f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "exploited", "source": "https://t.me/htfgtps/1136", "content": "Threat actors targeted PraisonAl CVE-2026-44338, an\nauthentication\nbypass vulnerability, within hours of disclosure.\nThe flaw affects versions 2.5.6-4.6.33 and can expose\nthe /agents\nendpoint without authorization.", "creation_timestamp": "2026-05-14T14:20:11.000000Z"}, {"uuid": "101ab41f-3c1f-492c-a830-e6e45b277e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/bigearthdata.ai/post/3mlt4tni5mp27", "content": "PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure\n->The Hacker News | More on \"PraisonAI authentication bypass vulnerability exploited\" at BigEarthData.ai", "creation_timestamp": "2026-05-14T15:25:18.671898Z"}, {"uuid": "058ca8bd-370b-4d3c-adfe-f3ca4af9ad52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/GithubRedTeam/84267", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-44338\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a HORKimhab\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-15 01:45:26\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-44338\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-15T02:00:05.000000Z"}, {"uuid": "63bb5be2-adad-4659-b558-6c53dff7eadc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "published-proof-of-concept", "source": "Telegram/tjgrzpu_dxl6dwKI7zyqcFMKKJNj87hWK2Sc-mpFVOelTAw", "content": "", "creation_timestamp": "2026-05-15T09:00:04.000000Z"}, {"uuid": "2fd9a7c8-7f26-4bbf-babb-e4c000c86539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/true_secator/8205", "content": "\u0425\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c PraisonAI \u043c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 \u0447\u0435\u0442\u044b\u0440\u0435 \u0447\u0430\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u043e\u0431\u0445\u043e\u0434\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u043d\u0430.\n\nPraisonAI - \u044d\u0442\u043e \u043c\u0443\u043b\u044c\u0442\u0438\u0430\u0433\u0435\u043d\u0442\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0442\u044c \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u044b\u0445 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0437\u0430\u0434\u0430\u0447. \u041f\u0435\u0440\u0432\u044b\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Sysdig.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-44338 \u0438 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u043a\u0430\u043a \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 PraisonAI \u043e\u0442 2.5.6 \u0434\u043e 4.6.33 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 Flask API, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0431\u044b\u043b\u0430 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u044d\u0442\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043b\u044e\u0431\u043e\u0439 \u0430\u0431\u043e\u043d\u0435\u043d\u0442, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u043a \u043d\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u00a0/agents\u00a0\u0438 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 agents.yaml \u0447\u0435\u0440\u0435\u0437\u00a0/chat \u0431\u0435\u0437 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u043e\u043a\u0435\u043d\u0430.\n\n\u041f\u0440\u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 /agents \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0433\u0435\u043d\u0442\u0430, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a /chat \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u043b\u044e\u0431\u043e\u0439 JSON-\u043e\u0431\u044a\u0435\u043a\u0442 \u0441 \u043a\u043b\u044e\u0447\u043e\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 agents.yaml, \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u0443\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f.\n\n\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0435 Sysdig, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441\u043e \u0441\u043a\u0430\u043d\u0435\u0440\u043e\u043c, \u0430 \u043d\u0435 \u0441 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0414\u0432\u0430 \u043f\u0440\u043e\u0445\u043e\u0434\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u043b\u0438\u0441\u044c \u0441 \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b\u043e\u043c \u0432 \u0432\u043e\u0441\u0435\u043c\u044c \u043c\u0438\u043d\u0443\u0442, \u043a\u0430\u0436\u0434\u044b\u0439 \u0438\u0437 \u043d\u0438\u0445 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u043b \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 70 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0437\u0430 \u043f\u0440\u0438\u0431\u043b\u0438\u0437\u0438\u0442\u0435\u043b\u044c\u043d\u043e 50 \u0441\u0435\u043a\u0443\u043d\u0434.\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b \u043e\u0431\u0449\u0438\u0435 \u043f\u0443\u0442\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (/.env, /admin, /users/sign_in, /eval, /calculate, /Gemfile.lock). \u0412\u0442\u043e\u0440\u043e\u0439 \u043f\u0440\u043e\u0445\u043e\u0434 \u0441\u0443\u0437\u0438\u043b \u043e\u0431\u043b\u0430\u0441\u0442\u044c \u043f\u043e\u0438\u0441\u043a\u0430 \u0434\u043e \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u0435\u0439, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u0430\u043c\u0438.\n\n\u0410\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 /agents, \u043d\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0432 /chat \u043d\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u043b\u0438\u0441\u044c, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0431\u044b\u043b\u0430 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u0430 \u043d\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0435 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435.\n\n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 Sysdig, \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (RCE) \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u043f\u0440\u043e\u0441\u0442\u043e, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u043e, \u0434\u043b\u044f \u0447\u0435\u0433\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u0444\u0430\u0439\u043b agents.yaml.\n\n\u0412 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043e\u0431\u044b\u0447\u043d\u043e \u043e\u0431\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u043a \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c LLM (\u0442\u0430\u043a\u0438\u043c \u043a\u0430\u043a Anthropic, Bedrock, OpenAI \u0438 \u0434\u0440\u0443\u0433\u0438\u0435), \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c (\u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u0434\u0430, \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0439 \u0432\u0432\u043e\u0434-\u0432\u044b\u0432\u043e\u0434) \u0438\u043b\u0438 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0438\u043c\u044f \u0444\u0430\u0439\u043b\u0430 \u0430\u0433\u0435\u043d\u0442\u0430 \u0438 \u0441\u043f\u0438\u0441\u043e\u043a \u0430\u0433\u0435\u043d\u0442\u043e\u0432.\n\n\u0421\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d \u0443\u0434\u0430\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438\u0437 \u0442\u0440\u0438\u0433\u0433\u0435\u0440\u0430 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440 \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e \u043e\u0442\u043a\u0440\u044b\u043b \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0447\u0435\u0433\u043e-\u0442\u043e \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0433\u043e, \u043f\u0440\u0435\u0434\u0435\u043b \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0442\u0435\u043c, \u0447\u0442\u043e \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u044d\u0442\u043e\u043c\u0443 \u0440\u0430\u0431\u043e\u0447\u0435\u043c\u0443 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0443.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 PraisonAI 4.6.34. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0432 Black Duck \u043e\u0442\u043c\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u0418\u0418 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u0442\u044c \u043e\u0442 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0432 \u0442\u0430\u043a\u0438\u0435 \u0441\u0440\u043e\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u043d\u044c\u0448\u0435 \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u043e.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u0440\u0435\u043c\u044f, \u043e\u0442\u0432\u0435\u0434\u0435\u043d\u043d\u043e\u0435 \u043d\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 \u043f\u0430\u0442\u0447\u0435\u0439, \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0437\u043e\u043d\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0441\u043e\u043a\u0440\u0430\u0442\u0438\u043b\u043e\u0441\u044c. \n\n\u0411\u044b\u0441\u0442\u0440\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c, \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u043c \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f 0-day - \u043e\u043d\u0430 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043d\u043e\u0440\u043c\u043e\u0439.\n\n\u041f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043e\u0446\u0435\u043d\u043a\u0438 \u0440\u0438\u0441\u043a\u043e\u0432 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b.\n\n\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0443\u0433\u0440\u043e\u0437 \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0447\u0430\u0441\u043e\u0432, \u0430 \u043d\u0435 \u0434\u043d\u0435\u0439, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.", "creation_timestamp": "2026-05-14T18:30:06.000000Z"}, {"uuid": "2d992f7b-2eaf-4e2b-ad39-9b405949d1e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44338", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlu3osjbxw2w", "content": "\ud83d\udccc Scanners Target PraisonAI Within Four Hours of CVE-2026-44338 Disclosure https://www.cyberhub.blog/article/25930-scanners-target-praisonai-within-four-hours-of-cve-2026-44338-disclosure", "creation_timestamp": "2026-05-15T00:37:06.606635Z"}, {"uuid": "6c39a1b4-f86b-4994-a22a-5f73d4fd9fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mlvnsnwyyd25", "content": "Critical vulnerability CVE-2026-44338 in PraisonAI exploited within hours of disclosure. Users must patch immediately to prevent unauthorized access. #CyberSecurity #PraisonAI #CVE202644338 Link: thedailytechfeed.com/praisonai-fl...", "creation_timestamp": "2026-05-15T15:34:05.216439Z"}, {"uuid": "1112e944-e3bb-4cd9-94b7-5ff6cf5281ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44330", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmwaoshibg2p", "content": "\ud83d\udccc CVE-2026-44330 - free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbou... https://www.cyberhub.blog/cves/CVE-2026-44330", "creation_timestamp": "2026-05-28T14:37:06.555716Z"}, {"uuid": "94d3fb55-fb21-43a8-ae4f-ded1531ab863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mm4flynblb2y", "content": "\u81ea\u5f8b\u578bAI\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u30cf\u30a4\u30b8\u30e3\u30c3\u30af\u3059\u308b\u305f\u3081\u306b\u60aa\u7528\u3055\u308c\u308b\u91cd\u5927\u306a\u8a8d\u8a3c\u524d\u306e\u8106\u5f31\u6027 CVE-2026-44338\n\n\u6575\u5bfe\u8005\u306f\u3001\u91cd\u5927\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6b20\u9665\u306e\u516c\u958b\u304b\u3089\u308f\u305a\u304b4\u6642\u9593\u4ee5\u5185\u306b\u3001\u8106\u5f31\u306aPraisonAI\u30ce\u30fc\u30c9\u306b\u5bfe\u3059\u308b\u6a19\u7684\u578b\u5075\u5bdf\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u958b\u59cb\u3057\u307e\u3057\u305f\u3002CVE-Detector/1.0\u3068\u3057\u3066\u8b58\u5225\u3055\u308c\u308b\u81ea\u52d5\u30b9\u30ad\u30e3\u30f3\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306f\u3001\u8b66\u544a\u304c\u8868\u9762\u5316\u3057\u305f\u76f4\u5f8c\u306b\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306e\u9732\u51fa\u3057\u305f\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u5bfe\u3059\u308b\u653b\u6483\u3092\u958b\u59cb\u3057\u3001Sysdig\u306e\u8105\u5a01\u30a4\u30f3", "creation_timestamp": "2026-05-18T07:55:48.289000Z"}, {"uuid": "e0e98f02-33c5-41fa-8ac8-ce674ac9f1b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44337", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-3643-7v76-5cj2", "content": "", "creation_timestamp": "2026-05-03T05:26:18.000000Z"}, {"uuid": "4c65ba5f-2a8c-486c-83b2-3c5d1412c488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44336", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-9mqq-jqxf-grvw", "content": "", "creation_timestamp": "2026-05-03T05:26:17.000000Z"}, {"uuid": "3e26e59a-2fe0-45dd-9d84-117578c62610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44338", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6rmh-7xcm-cpxj", "content": "", "creation_timestamp": "2026-05-03T05:26:18.000000Z"}, {"uuid": "50d1af5c-ae37-47ed-8510-ff30d4a93761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44339", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-gmjg-hv98-qggq", "content": "", "creation_timestamp": "2026-05-04T16:26:57.000000Z"}, {"uuid": "9a43c306-4281-428f-8b9b-b9383e0a8192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44338", "type": "seen", "source": "https://bsky.app/profile/samwise-goose.bsky.social/post/3mly7fpybet2a", "content": "PraisonAI auth bypass exploited within 4 hours of disclosure. The window between CVE publication and active exploitation is now measured in hours, not days. Patch before you tweet about it.\n\nhttps://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html", "creation_timestamp": "2026-05-16T15:54:16.358654Z"}, {"uuid": "115d45a7-d70f-419a-b24d-b9ff004d32a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44335", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q9pw-vmhh-384g", "content": "", "creation_timestamp": "2026-04-29T06:00:07.000000Z"}]}