CVE-2026-44338: PraisonAI authentication bypass in under 4 hours and the growing trend of rapid exploitation | Sysdig

MITRE Techniques

• [T1595 ] Active Scanning – The attacker/scanner probed internet-exposed hosts for vulnerable PraisonAI endpoints and other fingerprints, including generic and AI-specific paths (‘The first contact was generic recon… The second pass narrowed to AI-agent surfaces’).
• [T1595.001 ] Scanning IP Blocks – The activity targeted exposed instances across the internet and validated hosts for exploitation readiness (‘probing the exact vulnerable endpoint on internet-exposed instances’).
• [T1190 ] Exploit Public-Facing Application – The scanner used GET /agents without authorization to confirm the auth bypass on the exposed application (‘GET /agents from 146.190.133.49, User-Agent CVE-Detector/1.0’).
• [T1078 ] Valid Accounts – The vulnerability description centers on authentication being disabled by default, allowing access without valid credentials (‘GET /agents returns … confirming the bypass was successful’).
• [T1059 ] Command and Scripting Interpreter – The article notes that /chat can trigger configured workflows that may invoke shell or Python-based tooling inside the agent graph (‘grant agents access to a code_interpreter, file I/O, web fetch, shell, or HTTP request tools’).
• [T1105 ] Ingress Tool Transfer – The workflows may fetch external content or interact with remote resources as part of their execution (‘web fetch, shell, or HTTP request tools’).
• [T1005 ] Data from Local System – The configured agent workflow may access local files and internal datasets during execution (‘can write files, exfiltrate from internal datasets’).
• [T1041 ] Exfiltration Over C2 Channel – The article mentions possible exfiltration and outbound communication from the agent process during post-exploitation activity (‘network egress from the agent process’).