CVE-2026-34953 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, whic…
Critical CVSS: 9.1

CVE-2026-34953

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
Vendor
-
Product
-
CWE
CWE-863
Yayın Tarihi
2026-04-03 23:17:06
Güncelleme
2026-04-07 13:20:55
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-863 CRITICAL 2026

Referanslar

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-98f9-fqg5-hvq5 https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-98f9-fqg5-hvq5