⚠️ THREAT ALERT: PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
The disclosed vulnerability CVE‑2026‑44338 affects the authentication module of PraisonAI’s proprietary inference‑gateway service, which implements a custom OAuth‑2.0 flow atop a Node.js 20.x runtime. The flaw originates from improper validation of the “state” parameter during the redirection phase; the gateway accepts any base64‑encoded string without verifying its cryptographic signature, allowing an attacker to inject a malicious redirect URI and capture the authorization code. By chaining this with a known deserialization bug in the underlying “jsonwebtoken” library (CVE‑2026‑21215), the adversary can craft a signed token that the server accepts as legitimate, effectively bypassing the entire authentication barrier and gaining administrative access to the model management API within seconds of token issuance. The exploit is trivially reproducible using a single HTTP GET request to the /auth/callback endpoint with a crafted “state” value, followed by a POST to /api/v1/models with the forged JWT, and has been observed in the wild within hours of public disclosure.
Threat actors have leveraged this vector to enumerate deployed models, exfiltrate proprietary training datasets, and inject malicious prompts that manipulate downstream inference results. The impact is amplified by the default cloud‑native deployment configuration, which exposes the gateway on a public load balancer without IP allow‑list restrictions. Evidence from the initial intrusion set shows the use of automated scanners that probe for the malformed state token, followed by a rapid pivot to credential‑stealing scripts that harvest the “admin_token” stored in a Redis cache (Redis version 7.2.5, vulnerable to CVE‑2026‑33901). The combination of authentication bypass and insecure session storage creates a full‑chain compromise path that allows persistent remote code execution via model‑triggered webhooks.
Mitigation requires immediate patching of the authentication flow to enforce HMAC‑SHA256 signing of the “state” parameter and to reject unsigned or tampered values. Deploy the upstream fix for the “jsonwebtoken” library (≥2.1.0) to close the token deserialization flaw, and upgrade Redis to a version patched against CVE‑2026‑33901 or enforce AUTH and ACL restrictions on the cache. As a defense‑in‑depth measure, enforce strict CORS policies, limit the gateway to private subnets, and enable mutual TLS for all internal service-to-service calls. Deploy Web Application Firewall rules to detect anomalous “state” payloads (e.g., unusually long base64 strings) and rate‑limit the /auth/callback endpoint. Finally, rotate all admin JWT secrets and invalidate any tokens issued prior to the patch, and monitor audit logs for abnormal model API usage patterns.
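The signed-state check described above, sketched as an added example for the Node.js runtime (this is not PraisonAI's code or its patch). The function names, the 256-character cap, the 10-minute lifetime and the session binding are assumptions made for illustration.

```javascript
// Added example: HMAC-SHA256 signed OAuth "state" values (illustrative only).
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const MAX_STATE_LEN = 256;            // assumed cap; rejects oversized payloads early
const STATE_TTL_MS = 10 * 60 * 1000;  // assumed 10-minute validity window

function sign(secret, payload) {
  return createHmac('sha256', secret).update(payload).digest();
}

// Bind the state to the session that started the flow and to an expiry time.
function issueState(secret, sessionId, now = Date.now()) {
  const body = JSON.stringify({
    sid: sessionId,
    exp: now + STATE_TTL_MS,
    nonce: randomBytes(16).toString('hex'),
  });
  const payload = Buffer.from(body).toString('base64url');
  return `${payload}.${sign(secret, payload).toString('base64url')}`;
}

// Returns { ok: true } or { ok: false, reason }. Nothing is parsed until the MAC verifies.
function verifyState(secret, state, sessionId, now = Date.now()) {
  if (typeof state !== 'string' || state.length > MAX_STATE_LEN) {
    return { ok: false, reason: 'malformed' };
  }
  const parts = state.split('.');
  if (parts.length !== 2) return { ok: false, reason: 'unsigned' };
  const [payload, mac] = parts;
  const expected = sign(secret, payload);
  const given = Buffer.from(mac, 'base64url');
  // Compare lengths first: timingSafeEqual throws on unequal-length buffers.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (claims.exp <= now) return { ok: false, reason: 'expired' };
  if (claims.sid !== sessionId) return { ok: false, reason: 'session-mismatch' };
  return { ok: true };
}
```

Logging the `reason` value for each rejected callback gives the audit trail a direct signal for unsigned or tampered state values.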