CVE-2026-34953
PraisonAI · PraisonAI
A critical authentication bypass in PraisonAI's OAuthManager allows unauthenticated attackers to gain full access to all registered tools and agent capabilities by providing any arbitrary token.
Executive summary
PraisonAI versions prior to 4.5.97 are vulnerable to a critical authentication bypass that grants unauthenticated attackers full administrative control over multi-agent systems.
Vulnerability
The OAuthManager.validate_token() function fails open: it returns a success state for any token that is not found in its internal store, and that store is empty by default. An unauthenticated remote attacker can therefore bypass security controls by presenting any arbitrary Bearer token.
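The fail-open pattern described above, next to a fail-closed form and a regression check a maintainer can keep in a test suite. This is an added example, not PraisonAI source code: the class names, the token-to-expiry store layout, and the helper functions are hypothetical, and only the name validate_token comes from the advisory.

```python
import hmac
import secrets
import time


class FailOpenValidator:
    """Hypothetical model of the flaw class; not PraisonAI source code."""

    def __init__(self):
        self._tokens = {}  # token -> expiry timestamp; empty by default

    def validate_token(self, token):
        expiry = self._tokens.get(token)
        if expiry is None:
            return True  # flaw: a token missing from the store is accepted
        return expiry > time.time()


class FailClosedValidator(FailOpenValidator):
    """Hardened form: only a registered, unexpired token validates."""

    def register(self, token, ttl_seconds):
        self._tokens[token] = time.time() + ttl_seconds

    def validate_token(self, token):
        if not token:
            return False
        for known, expiry in self._tokens.items():
            # Constant-time comparison avoids leaking token prefixes via timing.
            if hmac.compare_digest(known.encode(), token.encode()):
                return expiry > time.time()
        return False  # unknown token: deny


def authorize(validator, authorization_header):
    """Parse an 'Authorization: Bearer <token>' value and validate the token."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return False
    return validator.validate_token(token.strip())


def rejects_unknown_tokens(validator, attempts=5):
    """Regression check: freshly generated random tokens must never validate."""
    return not any(
        authorize(validator, "Bearer " + secrets.token_urlsafe(32))
        for _ in range(attempts)
    )
```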
Business impact
A successful exploit grants an attacker full access to the multi-agent system's tools and capabilities, leading to total compromise of the agentic workflow. Given the CVSS score of 9.1, this represents a critical risk of unauthorized data access, manipulation of AI processes, and potential lateral movement within the environment.
Remediation
Immediate Action: Update the PraisonAI installation to version 4.5.97 or later to correct the token validation logic.
Proactive Monitoring: Review HTTP access logs for the MCP server to identify requests containing unrecognized Bearer tokens or unusual agent activity.
Compensating Controls: Implement network-level access control lists (ACLs) to restrict access to the MCP server to trusted IP addresses only until the patch is applied.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this flaw cannot be overstated, as it effectively nullifies the authentication layer of the platform. Organizations utilizing PraisonAI must prioritize the update to version 4.5.97 immediately to prevent unauthorized access to sensitive agent tools.