CVE-2026-44338: PraisonAI authentication bypass in under 4 hours and the growing trend of rapid exploitation
ID: 0617689a-3265-584c-8089-607c67be83ab
STIX ID: report--0617689a-3265-584c-8089-607c67be83ab
Feed Name: Sysdig Blog
On May 11, 2026, Sysdig TRT observed rapid probing of PraisonAI instances following publication of GHSA-6rmh-7xcm-cpxj / CVE-2026-44338: a legacy Flask api_server had AUTH_ENABLED = False, exposing GET /agents and POST /chat without authentication. A scanner identifying as "CVE-Detector/1.0" probed the vulnerable endpoint within 3 hours and 44 minutes of disclosure, confirming 200 OK responses and listing agent configuration. The report details the observed paths, recommended detection (WAF/Falco rules), and remediation (upgrade to 4.6.34, bind to loopback, audit billing and rotate credentials).
