GHSA Advisory · Coordinated Disclosure

GHSA-8444-4fhq-fxpq

PraisonAI · PyPI
Authentication disabled by default in generated API server
Type: GHSA
CVE: CVE-2026-47393
Severity: High
CVSS: 9.8
Ecosystem: PyPI

Summary

GHSA-8444-4fhq-fxpq: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default. Coordinated through the GitHub Security Advisory database.
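An added example, not PraisonAI's generated code or its fix: one way to make authentication fail closed in front of a Flask (WSGI) API server, so that a missing token stops the server from being built instead of leaving it open. The names `require_bearer_token`, `stub_api`, `call` and the environment variable `API_AUTH_TOKEN` are assumptions made for this illustration.

```python
import hmac
import os

def require_bearer_token(wsgi_app, token=None):
    """Wrap a WSGI app (a Flask app's wsgi_app included) so every request needs a bearer token."""
    # API_AUTH_TOKEN is a hypothetical variable name chosen for this example.
    if token is None:
        token = os.environ.get("API_AUTH_TOKEN", "")
    if len(token) < 16:
        # Fail closed: with no usable token there is no unauthenticated fallback.
        raise RuntimeError("no API token configured (need at least 16 characters)")
    expected = ("Bearer " + token).encode()

    def guarded(environ, start_response):
        # Constant-time comparison of the whole Authorization header value.
        supplied = environ.get("HTTP_AUTHORIZATION", "").encode()
        if not hmac.compare_digest(supplied, expected):
            body = b'{"error": "unauthorized"}'
            start_response("401 Unauthorized", [
                ("Content-Type", "application/json"),
                ("WWW-Authenticate", "Bearer"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return wsgi_app(environ, start_response)

    return guarded

def stub_api(environ, start_response):
    """Constructed stand-in for a generated API server's WSGI callable."""
    body = b'{"result": "ok"}'
    start_response("200 OK", [("Content-Type", "application/json")])
    return [body]

def call(app, authorization=None):
    """Drive a WSGI app in-process and return (status, body)."""
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": "/"}
    if authorization is not None:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

With Flask the wrapper is applied as `app.wsgi_app = require_bearer_token(app.wsgi_app)` before the server starts listening.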

Context

Part of SnailSploit's coordinated-disclosure work. 60 published CVEs and 7 GHSA advisories across the OSS ecosystem.

Credit: Kai Aizen & Avraham Shemesh