CVE-2026-34953: PraisonAI Authentication Bypass (CVSS 9.1)

Platform: other

Component: praisonai

Fixed in: 4.5.97

CVE-2026-34953 describes an authentication bypass vulnerability affecting PraisonAI. Specifically, the OAuthManager incorrectly validates tokens, granting unauthorized access. This critical flaw allows attackers to bypass authentication and gain full control over registered tools and agent capabilities. This affects PraisonAI versions less than or equal to 4.5.97. A fix is available in version 4.5.97.

How to fix

Upgrade PraisonAI to version 4.5.97 or later to fix the authentication bypass vulnerability. This update addresses the issue where any token not found in the internal store was treated as valid, allowing unauthorized access to the MCP server.
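The flaw described above, shown as an added example that is not PraisonAI's code: a token lookup that treats "not found" as valid, next to a fail-closed version. All names (`TOKEN_STORE`, `validate_fail_open`, `validate_fail_closed`, `bearer_token`) and the sample tokens are hypothetical and constructed for illustration.

```python
import hmac
import time

# Constructed sample store: token -> expiry (epoch seconds). Not PraisonAI data.
TOKEN_STORE = {
    "tok-alice-constructed": time.time() + 3600,
    "tok-expired-constructed": time.time() - 60,
}


def validate_fail_open(token, store=TOKEN_STORE, now=None):
    """Flawed pattern from the advisory: an unknown token is treated as valid."""
    now = time.time() if now is None else now
    expiry = store.get(token)
    if expiry is None:
        return True  # BUG: "not found" falls through to "accepted"
    return expiry > now


def validate_fail_closed(token, store=TOKEN_STORE, now=None):
    """Hardened pattern: only a known, unexpired token is accepted."""
    now = time.time() if now is None else now
    if not isinstance(token, str) or not token:
        return False
    matched_expiry = None
    for known, expiry in store.items():
        # Constant-time comparison; every entry is scanned so that the
        # position of a match does not change how long the check takes.
        if hmac.compare_digest(known.encode(), token.encode()):
            matched_expiry = expiry
    return matched_expiry is not None and matched_expiry > now


def bearer_token(header):
    """Extract the token from an Authorization header, or None if malformed."""
    parts = (header or "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None


def wrongly_accepted(validator, tokens, store=TOKEN_STORE):
    """Regression helper: tokens the validator accepts that are not in the store."""
    return [t for t in tokens if t not in store and validator(t, store)]
```

`wrongly_accepted` can be pointed at any wrapper around a token check to confirm that tokens absent from the store are rejected after the upgrade.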

Frequently asked questions

What is CVE-2026-34953?

CVE-2026-34953 is an authentication bypass vulnerability in PraisonAI that allows attackers to gain unauthorized access by using arbitrary bearer tokens.

Am I affected by CVE-2026-34953?

You are affected if you are using PraisonAI version 4.5.97 or earlier. This vulnerability allows unauthorized access to your system.

How do I fix CVE-2026-34953?

To fix this vulnerability, upgrade your PraisonAI installation to version 4.5.97 or later. This version includes a patch that corrects the token validation process.
