{"vulnerability": "cve-2026-44338", "sightings": [{"uuid": "9cd5a28e-991c-4133-ba4a-138ef4949290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mleby6owc52o", "content": "CVE-2026-44338 - PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution\nCVE ID : CVE-2026-44338\n \n Published : May 8, 2026, 2:16 p.m. | 26\u00a0minutes ago\n \n Description : PraisonAI is a multi-agent te...", "creation_timestamp": "2026-05-08T17:47:08.020744Z"}, {"uuid": "20013e69-861c-4681-b626-1f2528130ecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/cibsecurity/89367", "content": "\ud83d\udd8b\ufe0f PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure \ud83d\udd8b\ufe0f\n\nThreat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an opensource multiagent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE202644338 CVSS score 7.3, a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the.\n\n\ud83d\udcd6 Read more.\n\n\ud83d\udd17 Via \"The Hacker News\"\n\n----------\n\ud83d\udc41\ufe0f Seen on @cibsecurity", "creation_timestamp": "2026-05-14T12:15:15.000000Z"}, {"uuid": "d8d7c2ea-9dea-4a28-a985-0406551fd849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/ctinow/250278", "content": "PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure\nhttps://ift.tt/c7f1hdY", "creation_timestamp": "2026-05-14T12:09:14.000000Z"}, {"uuid": "90610955-18a8-4cf0-8715-3094b0fbface", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "exploited", "source": "https://t.me/thehackernews/9002", "content": "\ud83d\udea8 Threat actors targeted PraisonAI CVE-2026-44338, an authentication bypass vulnerability, within hours of disclosure.\n\nThe flaw affects versions 2.5.6\u20134.6.33 and can expose the /agents endpoint without authorization.\n\nRead the full report: https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html", "creation_timestamp": "2026-05-14T11:46:49.000000Z"}, {"uuid": "3c6512d3-0d2b-4b91-a267-c93c407fbdb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html", "content": "Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure.\nThe vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the", "creation_timestamp": "2026-05-14T09:40:14.000000Z"}, {"uuid": "f4f57ff6-49e5-456d-aad9-c1af14bd386c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mlsz6sz5gn2e", "content": "The disclosure-to-exploit window has collapsed. \u23f1\ufe0f A critical auth bypass in PraisonAI (CVE-2026-44338) was exploited by automated scanners in under 4 hours. A stark reminder to patch immediately. #CyberSecurity #Vulnerability #Automation #AI", "creation_timestamp": "2026-05-14T14:24:12.615407Z"}, {"uuid": "c51a7e91-366b-4a74-bd81-ad4153674404", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44338", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116573362917939504", "content": "\ud83d\udcf0 PraisonAI Auth Bypass (CVE-2026-44338) Exploited Within Four Hours of Disclosure\nThe disclosure-to-exploit window has collapsed. \u23f1\ufe0f A critical auth bypass in PraisonAI (CVE-2026-44338) was exploited by automated scanners in under 4 hours. A stark reminder to patch immediately. #CyberSecurity #Vulnerability #Automation #AI\n\ud83d\udd17 https://cyber.netsecops.io/articles/praisonai-auth-bypass-cve-2026-44338-exploited-within-hours-of-disclosure/?utm_source=mastodon&amp;utm_medium=social&amp;utm_campaign=daily", "creation_timestamp": "2026-05-14T14:26:30.980227Z"}, {"uuid": "4f00ea56-f4e8-45e3-b315-6a717dfa216f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "exploited", "source": "https://t.me/htfgtps/1136", "content": "Threat actors targeted PraisonAl CVE-2026-44338, an\nauthentication\nbypass vulnerability, within hours of disclosure.\nThe flaw affects versions 2.5.6-4.6.33 and can expose\nthe /agents\nendpoint without authorization.", "creation_timestamp": "2026-05-14T14:20:11.000000Z"}, {"uuid": "101ab41f-3c1f-492c-a830-e6e45b277e32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/bigearthdata.ai/post/3mlt4tni5mp27", "content": "PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure\n-&gt;The Hacker News | More on \"PraisonAI authentication bypass vulnerability exploited\" at BigEarthData.ai", "creation_timestamp": "2026-05-14T15:25:18.671898Z"}, {"uuid": "2fd9a7c8-7f26-4bbf-babb-e4c000c86539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/true_secator/8205", "content": "\u0425\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c PraisonAI \u043c\u0435\u043d\u0435\u0435 \u0447\u0435\u043c \u0447\u0435\u0440\u0435\u0437 \u0447\u0435\u0442\u044b\u0440\u0435 \u0447\u0430\u0441\u0430 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u043e\u0431\u0445\u043e\u0434\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u043d\u0430.\n\nPraisonAI - \u044d\u0442\u043e \u043c\u0443\u043b\u044c\u0442\u0438\u0430\u0433\u0435\u043d\u0442\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u0442\u044c \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u044b\u0445 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0437\u0430\u0434\u0430\u0447. \u041f\u0435\u0440\u0432\u044b\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Sysdig.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-44338 \u0438 \u043e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u0430 \u0442\u0435\u043c, \u043a\u0430\u043a \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 PraisonAI \u043e\u0442 2.5.6 \u0434\u043e 4.6.33 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 Flask API, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0431\u044b\u043b\u0430 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u044d\u0442\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043b\u044e\u0431\u043e\u0439 \u0430\u0431\u043e\u043d\u0435\u043d\u0442, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u043a \u043d\u0435\u043c\u0443 \u0434\u043e\u0441\u0442\u0443\u043f, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u00a0/agents\u00a0\u0438 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 agents.yaml \u0447\u0435\u0440\u0435\u0437\u00a0/chat \u0431\u0435\u0437 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u043e\u043a\u0435\u043d\u0430.\n\n\u041f\u0440\u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 /agents \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0433\u0435\u043d\u0442\u0430, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a /chat \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u043b\u044e\u0431\u043e\u0439 JSON-\u043e\u0431\u044a\u0435\u043a\u0442 \u0441 \u043a\u043b\u044e\u0447\u043e\u043c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 agents.yaml, \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u0443\u044f \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f.\n\n\u041f\u043e \u043e\u0446\u0435\u043d\u043a\u0435 Sysdig, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441\u043e \u0441\u043a\u0430\u043d\u0435\u0440\u043e\u043c, \u0430 \u043d\u0435 \u0441 \u0438\u043d\u0442\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0414\u0432\u0430 \u043f\u0440\u043e\u0445\u043e\u0434\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u043b\u0438\u0441\u044c \u0441 \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b\u043e\u043c \u0432 \u0432\u043e\u0441\u0435\u043c\u044c \u043c\u0438\u043d\u0443\u0442, \u043a\u0430\u0436\u0434\u044b\u0439 \u0438\u0437 \u043d\u0438\u0445 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u043b \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e 70 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u0437\u0430 \u043f\u0440\u0438\u0431\u043b\u0438\u0437\u0438\u0442\u0435\u043b\u044c\u043d\u043e 50 \u0441\u0435\u043a\u0443\u043d\u0434.\n\n\u041f\u0435\u0440\u0432\u044b\u0439 \u043f\u0440\u043e\u0445\u043e\u0434 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b \u043e\u0431\u0449\u0438\u0435 \u043f\u0443\u0442\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (/.env, /admin, /users/sign_in, /eval, /calculate, /Gemfile.lock). \u0412\u0442\u043e\u0440\u043e\u0439 \u043f\u0440\u043e\u0445\u043e\u0434 \u0441\u0443\u0437\u0438\u043b \u043e\u0431\u043b\u0430\u0441\u0442\u044c \u043f\u043e\u0438\u0441\u043a\u0430 \u0434\u043e \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u0435\u0439, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0418\u0418-\u0430\u0433\u0435\u043d\u0442\u0430\u043c\u0438.\n\n\u0410\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 /agents, \u043d\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0432 /chat \u043d\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u043b\u0438\u0441\u044c, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u043e\u043f\u044b\u0442\u043a\u0430 \u0431\u044b\u043b\u0430 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u0430 \u043d\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0435 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435.\n\n\u041a\u0430\u043a \u043e\u0431\u044a\u044f\u0441\u043d\u044f\u0435\u0442 Sysdig, \u0434\u043e\u0431\u0438\u0442\u044c\u0441\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 (RCE) \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u043f\u0440\u043e\u0441\u0442\u043e, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u0442\u043e, \u0434\u043b\u044f \u0447\u0435\u0433\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d \u0444\u0430\u0439\u043b agents.yaml.\n\n\u0412 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0430\u0445 \u0440\u0430\u0431\u043e\u0447\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043e\u0431\u044b\u0447\u043d\u043e \u043e\u0431\u0440\u0430\u0449\u0430\u0435\u0442\u0441\u044f \u043a \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c LLM (\u0442\u0430\u043a\u0438\u043c \u043a\u0430\u043a Anthropic, Bedrock, OpenAI \u0438 \u0434\u0440\u0443\u0433\u0438\u0435), \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c (\u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u0434\u0430, \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0439 \u0432\u0432\u043e\u0434-\u0432\u044b\u0432\u043e\u0434) \u0438\u043b\u0438 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0438\u043c\u044f \u0444\u0430\u0439\u043b\u0430 \u0430\u0433\u0435\u043d\u0442\u0430 \u0438 \u0441\u043f\u0438\u0441\u043e\u043a \u0430\u0433\u0435\u043d\u0442\u043e\u0432.\n\n\u0421\u0430\u043c \u043f\u043e \u0441\u0435\u0431\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430, \u043e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043e\u043d \u0443\u0434\u0430\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u0438\u0437 \u0442\u0440\u0438\u0433\u0433\u0435\u0440\u0430 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440 \u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e \u043e\u0442\u043a\u0440\u044b\u043b \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0447\u0435\u0433\u043e-\u0442\u043e \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0433\u043e, \u043f\u0440\u0435\u0434\u0435\u043b \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0442\u0435\u043c, \u0447\u0442\u043e \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u0434\u0435\u043b\u0430\u0442\u044c \u044d\u0442\u043e\u043c\u0443 \u0440\u0430\u0431\u043e\u0447\u0435\u043c\u0443 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0443.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 PraisonAI 4.6.34. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0432 Black Duck \u043e\u0442\u043c\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u0418\u0418 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u0442\u044c \u043e\u0442 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043a \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044e \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u0432 \u0442\u0430\u043a\u0438\u0435 \u0441\u0440\u043e\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u043d\u044c\u0448\u0435 \u043f\u0440\u043e\u0441\u0442\u043e \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u043e.\n\n\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0432\u0440\u0435\u043c\u044f, \u043e\u0442\u0432\u0435\u0434\u0435\u043d\u043d\u043e\u0435 \u043d\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 \u043f\u0430\u0442\u0447\u0435\u0439, \u0441\u043c\u044f\u0433\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0439 \u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0437\u043e\u043d\u0434\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0441\u043e\u043a\u0440\u0430\u0442\u0438\u043b\u043e\u0441\u044c. \n\n\u0411\u044b\u0441\u0442\u0440\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c, \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u044b\u043c \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f 0-day - \u043e\u043d\u0430 \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u043d\u043e\u0440\u043c\u043e\u0439.\n\n\u041f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u043e\u0446\u0435\u043d\u043a\u0438 \u0440\u0438\u0441\u043a\u043e\u0432 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0431\u043e\u043b\u044c\u0448\u0435 \u043d\u0435 \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u044b.\n\n\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u0442\u044c\u0441\u044f \u043d\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0443\u0433\u0440\u043e\u0437 \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0447\u0430\u0441\u043e\u0432, \u0430 \u043d\u0435 \u0434\u043d\u0435\u0439, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u0433\u0440\u043e\u0437\u0435, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 \u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.", "creation_timestamp": "2026-05-14T18:30:06.000000Z"}, {"uuid": "fb5480a9-0026-49f3-9291-1ee5d0975c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/10387", "content": "PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure \u2013 thehackernews.com\n\nThu, 14 May 2026 19:40:14", "creation_timestamp": "2026-05-14T16:03:10.000000Z"}, {"uuid": "6e3c70c4-5c22-465f-a6d6-f4dc4eede496", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mltebtcl552u", "content": "CVE-2026-44338\uff1a4\u6642\u9593\u4ee5\u4e0b\u306ePraisonAI\u8a8d\u8a3c\u56de\u907f\u3068\u6025\u901f\u306a\u60aa\u7528\u306e\u5897\u52a0\u50be\u5411\n\n\u8105\u5a01\u7814\u7a76\u30c7\u30a3\u30ec\u30af\u30bf\u30fc2026\u5e745\u670811\u65e5\u3001GitHub\u306f\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u30fcGHSA-6rmh-7xcm-cpxj\u3092\u516c\u958b\u3057\u3001CVE-2026-44338\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308bPraisonAI\uff08\u7d047,100\u306eGitHub\u30b9\u30bf\u30fc\u3092\u6301\u3064\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30de\u30eb\u30c1\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u30aa\u30fc\u30b1\u30b9\u30c8\u30ec\u30fc\u30b7\u30e7\u30f3\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\uff09\u5411\u3051\u306e\u8106\u5f31\u6027\u3092\u767a\u8868\u3057\u307e\u3057\u305f", "creation_timestamp": "2026-05-14T17:38:15.194985Z"}, {"uuid": "8622ec14-f880-4713-bbae-5f842915e767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "Telegram/9o3OraGU37j82BxrRlUk8vxx1PBgwrK7pwu6SZltlHYs9g", "content": "", "creation_timestamp": "2026-05-14T15:08:01.000000Z"}, {"uuid": "058ca8bd-370b-4d3c-adfe-f3ca4af9ad52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://t.me/GithubRedTeam/84267", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-44338\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a HORKimhab\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-15 01:45:26\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-44338\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-15T02:00:05.000000Z"}, {"uuid": "2d992f7b-2eaf-4e2b-ad39-9b405949d1e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44338", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlu3osjbxw2w", "content": "\ud83d\udccc Scanners Target PraisonAI Within Four Hours of CVE-2026-44338 Disclosure https://www.cyberhub.blog/article/25930-scanners-target-praisonai-within-four-hours-of-cve-2026-44338-disclosure", "creation_timestamp": "2026-05-15T00:37:06.606635Z"}, {"uuid": "6c39a1b4-f86b-4994-a22a-5f73d4fd9fde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mlvnsnwyyd25", "content": "Critical vulnerability CVE-2026-44338 in PraisonAI exploited within hours of disclosure. Users must patch immediately to prevent unauthorized access. #CyberSecurity #PraisonAI #CVE202644338 Link: thedailytechfeed.com/praisonai-fl...", "creation_timestamp": "2026-05-15T15:34:05.216439Z"}, {"uuid": "9a43c306-4281-428f-8b9b-b9383e0a8192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-44338", "type": "seen", "source": "https://bsky.app/profile/samwise-goose.bsky.social/post/3mly7fpybet2a", "content": "PraisonAI auth bypass exploited within 4 hours of disclosure. The window between CVE publication and active exploitation is now measured in hours, not days. Patch before you tweet about it.\n\nhttps://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html", "creation_timestamp": "2026-05-16T15:54:16.358654Z"}, {"uuid": "63bb5be2-adad-4659-b558-6c53dff7eadc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "published-proof-of-concept", "source": "Telegram/tjgrzpu_dxl6dwKI7zyqcFMKKJNj87hWK2Sc-mpFVOelTAw", "content": "", "creation_timestamp": "2026-05-15T09:00:04.000000Z"}, {"uuid": "94d3fb55-fb21-43a8-ae4f-ded1531ab863", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-44338", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mm4flynblb2y", "content": "\u81ea\u5f8b\u578bAI\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u3092\u30cf\u30a4\u30b8\u30e3\u30c3\u30af\u3059\u308b\u305f\u3081\u306b\u60aa\u7528\u3055\u308c\u308b\u91cd\u5927\u306a\u8a8d\u8a3c\u524d\u306e\u8106\u5f31\u6027 CVE-2026-44338\n\n\u6575\u5bfe\u8005\u306f\u3001\u91cd\u5927\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6b20\u9665\u306e\u516c\u958b\u304b\u3089\u308f\u305a\u304b4\u6642\u9593\u4ee5\u5185\u306b\u3001\u8106\u5f31\u306aPraisonAI\u30ce\u30fc\u30c9\u306b\u5bfe\u3059\u308b\u6a19\u7684\u578b\u5075\u5bdf\u30ad\u30e3\u30f3\u30da\u30fc\u30f3\u3092\u958b\u59cb\u3057\u307e\u3057\u305f\u3002CVE-Detector/1.0\u3068\u3057\u3066\u8b58\u5225\u3055\u308c\u308b\u81ea\u52d5\u30b9\u30ad\u30e3\u30f3\u30a8\u30f3\u30c6\u30a3\u30c6\u30a3\u306f\u3001\u8b66\u544a\u304c\u8868\u9762\u5316\u3057\u305f\u76f4\u5f8c\u306b\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306e\u9732\u51fa\u3057\u305f\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u306b\u5bfe\u3059\u308b\u653b\u6483\u3092\u958b\u59cb\u3057\u3001Sysdig\u306e\u8105\u5a01\u30a4\u30f3", "creation_timestamp": "2026-05-18T07:55:48.289000Z"}, {"uuid": "3e26e59a-2fe0-45dd-9d84-117578c62610", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-44338", "type": "published-proof-of-concept", "source": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6rmh-7xcm-cpxj", "content": "", "creation_timestamp": "2026-05-03T05:26:18.000000Z"}]}