What happened
PraisonAI's Call API agent-invocation endpoints could be reached remotely even when the auth-disabled safeguard was intended to restrict access to localhost, due to incorrect bind-host derivation logic.
Why it matters
This allows unauthenticated remote invocation of PraisonAI agents in deployments that believed they were protected by a localhost-only safeguard, exposing agent capabilities and any connected tools/data to the open network.
Attack vector
The safeguard intended to restrict the disabled-auth opt-out to localhost binding derived the bind host incorrectly, so agent invocation endpoints could remain reachable over the network even when operators believed the disabled-auth mode was localhost-only.
Affected systems
PraisonAI prior to 4.6.78
Mitigation
Upgrade to PraisonAI 4.6.78 or later; avoid PRAISONAI_CALL_AUTH=disabled in network-exposed deployments.