CVE-2026-34953

CRITICAL

PraisonAI: Authentication Bypass in OAuthManager.validate_token()

Title source: cna
STIX 2.1

Description

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.

References (1)

Scores

CVSS v3 9.1
EPSS 0.0001
EPSS Percentile 2.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (3)
MervinPraison/PraisonAI < 4.5.97
praison/praisonai < 4.5.97
pypi/praisonai 0 - 4.5.97PyPI
Published Apr 03, 2026
Tracked Since Apr 04, 2026