python · praisonaiCritical

praisonai: PRAISONAI_CALL_AUTH=disabled disables authentication on invoke endpoint

Setting PRAISONAI_CALL_AUTH=disabled completely disables authentication on the /api/v1/agents/{id}/invoke endpoint, allowing unauthenticated access to invoke an

19 Jun 2026Read 1 minSeverity: act now

What changed

Setting PRAISONAI_CALL_AUTH=disabled completely disables authentication on the /api/v1/agents/{id}/invoke endpoint, allowing unauthenticated access to invoke any agent.

Who it affects

All deployments of praisonai that set PRAISONAI_CALL_AUTH=disabled, especially in Docker/Compose configurations.

What to do today

Remove PRAISONAI_CALL_AUTH=disabled from your environment and set a strong CALL_SERVER_TOKEN instead.

The trail

Collected→ Audited→ Written→ Published

Source

GitHub Advisory · praisonai

praisonai: PRAISONAI_CALL_AUTH=disabled disables authentication on invoke endpoint

What changed

Who it affects

What to do today

More on praisonai

pypdf: Unbounded memory usage when parsing PDF without /Length

praisonai-platform: Cross-tenant integrity violation in issue endpoints