CVE-2026-34953
Status: Received - Intake
Authentication Bypass in PraisonAI OAuthManager Grants Full Access

Publication date: 2026-04-03

Last updated on: 2026-04-09

Assigner: GitHub, Inc.

Description
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
Meta Information
Published: 2026-04-03
Last Modified: 2026-04-09
Generated: 2026-05-07
AI Q&A: 2026-04-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: praison
Product: praisonai
Version range: up to 4.5.97 (excluding)
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability occurs because the OAuthManager.validate_token() method returns True for any token not found in its internal store, which is empty by default. This means any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated.

To detect this vulnerability on your system or network, you can attempt to send HTTP requests to the MCP server using arbitrary Bearer tokens and observe if access is granted.

A simple command to test this could be using curl to send a request with a random Bearer token:

  • curl -H "Authorization: Bearer randomtoken123" http://<MCP_server_address>/

If the server responds with access granted or does not reject the token, it indicates the vulnerability is present.

Note that this vulnerability is patched in version 4.5.97, so checking the installed PraisonAI version is also important.


Can you explain this vulnerability to me?

The vulnerability exists in PraisonAI's OAuthManager.validate_token() function prior to version 4.5.97. This function incorrectly returns True for any token that is not found in its internal store, which is empty by default. As a result, any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated.

This means that an attacker can use any token, even one that is invalid or fabricated, to gain access to the system.
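To make the defect class concrete, here is an added example that is not PraisonAI's code: the class names, the in-memory token store and the sample tokens are constructed for illustration. It places the fail-open pattern the advisory describes (an unknown token is treated as valid, so an empty store accepts everything) beside a fail-closed validator that denies empty, unknown and expired tokens and stores only token digests rather than raw secrets.

```python
"""Fail-open vs fail-closed bearer-token validation (added illustration).

Not PraisonAI's code. TokenStore, TokenRecord, the validators and the
sample tokens below are constructed for this example.
"""
import hashlib
import time
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class TokenRecord:
    subject: str
    expires_at: float  # Unix timestamp after which the token is invalid


@dataclass
class TokenStore:
    """Keyed by SHA-256 of the token so raw secrets are never stored.
    Empty by default, mirroring the situation the advisory describes."""
    records: Dict[str, TokenRecord] = field(default_factory=dict)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def add(self, token: str, subject: str, expires_at: float) -> None:
        self.records[self._digest(token)] = TokenRecord(subject, expires_at)

    def lookup(self, token: str) -> Optional[TokenRecord]:
        return self.records.get(self._digest(token))


class FailOpenValidator:
    """Reproduces the CWE-863 pattern: a token missing from the store
    is accepted, so with the default empty store every token passes."""

    def __init__(self, store: TokenStore) -> None:
        self.store = store

    def validate_token(self, token: str, now: Optional[float] = None) -> bool:
        record = self.store.lookup(token)
        if record is None:
            return True  # BUG: unknown token treated as authenticated
        return record.expires_at > (now if now is not None else time.time())


class FailClosedValidator:
    """Corrected pattern: deny unless the token is present and unexpired."""

    def __init__(self, store: TokenStore) -> None:
        self.store = store

    def validate_token(self, token: str, now: Optional[float] = None) -> bool:
        if not token:
            return False
        record = self.store.lookup(token)
        if record is None:
            return False  # unknown token: deny
        return record.expires_at > (now if now is not None else time.time())


def extract_bearer(headers: Dict[str, str]) -> Optional[str]:
    """Return the token from an 'Authorization: Bearer <token>' header,
    or None when the header is absent or uses another scheme."""
    value = headers.get("Authorization") or headers.get("authorization")
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def authorize_request(validator, headers: Dict[str, str], now: float) -> bool:
    """Single decision point: a request is authorized only if it carries a
    bearer token that the validator accepts at time `now`."""
    token = extract_bearer(headers)
    if token is None:
        return False
    return validator.validate_token(token, now=now)


if __name__ == "__main__":
    # Constructed demonstration: an empty store and an arbitrary token,
    # the condition the advisory describes.
    empty = TokenStore()
    probe = {"Authorization": "Bearer randomtoken123"}
    print("fail-open accepts unknown token:",
          authorize_request(FailOpenValidator(empty), probe, now=1000.0))
    print("fail-closed accepts unknown token:",
          authorize_request(FailClosedValidator(empty), probe, now=1000.0))
```

The fail-closed version also makes the empty-store case safe by construction: when nothing has been issued, nothing can authenticate, which is the behaviour a server should have before any client has completed an OAuth flow.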


How can this vulnerability impact me?

Because any arbitrary Bearer token is accepted as valid, an attacker can gain full access to all registered tools and agent capabilities within the PraisonAI system.

This can lead to unauthorized access, data exposure, manipulation of system functions, and potentially compromise the integrity and confidentiality of the system.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability can be mitigated by upgrading PraisonAI to version 4.5.97 or later, where the issue with OAuthManager.validate_token() has been patched.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows any HTTP request with an arbitrary Bearer token to be treated as authenticated, granting full access to all registered tools and agent capabilities.

Such unauthorized access could lead to exposure or misuse of sensitive data, which may violate data protection requirements under standards like GDPR and HIPAA.

Therefore, this issue could negatively impact compliance with these regulations by failing to properly secure authentication and protect sensitive information.

