CriticalPublic exploit

Unauthenticated Gateway Access in PraisonAI

IdentifiersCVE-2026-34952CWE-306· Missing Authentication for…

CVE-2026-34952 is an authentication bypass / missing authentication issue in the PraisonAI Gateway server affecting versions prior to 4.5.97. The gateway exposes a WebSocket endpoint at /ws and an information endpoint at /info without requiring authentication. As a result, any network-reachable client can connect to the gateway, retrieve agent topology information, enumerate registered agents, and send arbitrary messages to agents and their associated tool sets. The flaw stems from the absence of authentication on security-sensitive gateway functionality rather than a memory corruption issue or input parsing bug.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated remote attacker to interact directly with the PraisonAI multi-agent environment. An attacker can discover the deployed agent topology, enumerate registered agents, and inject arbitrary messages into agents and their tool chains. This can expose sensitive operational information and compromise the integrity of agent workflows and outputs. Based on the provided CVSS context, the primary impacts are high confidentiality and high integrity impact, with no stated direct availability impact.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict network access to the PraisonAI Gateway server so that /ws and /info are reachable only by trusted clients over tightly controlled network paths. Place the service behind an authenticated reverse proxy, VPN, or other access-control layer, and limit exposure to internal management networks where possible. Monitor for unexpected WebSocket connections, agent enumeration activity, and unauthorized message submission to agents or tools until the upgrade can be completed.

Remediation

Patch, then assume compromise.

Upgrade PraisonAI to version 4.5.97 or later, which patches the unauthenticated access to the gateway endpoints. Ensure the deployed gateway version is no longer prior to 4.5.97 and verify that authentication is enforced for access to /ws and /info and for message delivery to agents and tool sets.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

PraisonPraisonaiapplication

PraisonAIPraisonaiapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app

cvefeed high severityNews

Apr 3, 2026

CVE-2026-34952 - PraisonAI: Missing Authentication in WebSocket Gateway

An improper authentication vulnerability in the PraisonAI Gateway server that allows unauthenticated network clients to connect via WebSocket, enumerate registered agents, and send arbitrary messages to agents and their tool sets.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity8

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-34952

NVD

nvd.nist.gov/vuln/detail/CVE-2026-34952

MITRE CWE · CWE-306

Missing Authentication for Critical Function

Vendor Advisory

github.com/MervinPraison/PraisonAI/security/advisories/GHSA-cfh6-vr3j-qc3g