Lucene search
+L

25 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-61430

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-61430 PraisonAI before 1.6.78 DNS Rebinding SSRF via web_crawl

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44639

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the webcrawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies...

8.5CVSS6.1AI score0.00205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.6 views

CVE-2026-40150

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...

7.7CVSS5.9AI score0.00269EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.7 views

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

7.1CVSS5.8AI score0.00281EPSS
Exploits1References1
OSV
OSV
added 2026/04/10 7:28 p.m.3 views

GHSA-QQ9R-63F6-V542 PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

| Field | Value | |---|---| | Severity | High | | Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access | | Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summary webcrawl's httpx fallback path passes user-supplied URLs directly...

7.1CVSS5.9AI score0.00281EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/10 7:28 p.m.3 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webcrawl function. An attacker can access internal network resources and retrieve sensitive...

8.2CVSS5.8AI score0.00281EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/10 7:28 p.m.12 views

PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

| Field | Value | |---|---| | Severity | High | | Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access | | Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summary webcrawl's httpx fallback path passes user-supplied URLs directly...

7.1CVSS5.9AI score0.00281EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/10 7:28 p.m.10 views

EUVD-2026-21513

PraisonAIAgents: SSRF via unvalidated URL in webcrawl httpx fallback...

7.1CVSS5.8AI score0.00281EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 7:23 p.m.3 views

Server-side Request Forgery (SSRF)

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webcrawl function. An attacker can access sensitive internal resources, cloud metadata endpoints, or...

8.5CVSS5.9AI score0.00269EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/10 7:23 p.m.5 views

EUVD-2026-21170

PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in webcrawl Tool...

7.7CVSS5.8AI score0.00269EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/10 7:23 p.m.8 views

PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

Summary The webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker or prompt injection in crawled conte...

7.7CVSS5.9AI score0.00269EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/10 5:17 p.m.7 views

CVE-2026-40160

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

7.1CVSS0.00281EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/10 4:59 p.m.31 views

CVE-2026-40160 PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, webcrawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get with followredirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

7.1CVSS0.00281EPSS
Exploits1References1
NVD
NVD
added 2026/04/09 10:16 p.m.4 views

CVE-2026-40150

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...

7.7CVSS0.00269EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/09 9:26 p.m.23 views

CVE-2026-40150 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...

7.7CVSS0.00269EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:26 p.m.1 views

CVE-2026-40150

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...

7.7CVSS6AI score0.00269EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:26 p.m.3 views

CVE-2026-40150 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...

7.7CVSS5.9AI score0.00269EPSS
Exploits1References1
CVE
CVE
added 2026/04/09 9:26 p.m.11 views

CVE-2026-40150

PraxisonAIAgents’ web_crawl() (praisonaiagents/tools/web_crawl_tools.py) before version 1.5.128 accepts arbitrary URLs with zero validation. There is no scheme allowlisting, hostname/IP blocklisting, or private-network checks prior to fetching, enabling potential SSRF and local file read via file...

7.7CVSS6AI score0.00269EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31789

Name of the Vulnerable Software and Affected Versions PraisonAIAgents versions prior to 1.5.128 Description PraisonAIAgents is a multi-agent teams system. The web crawl function in praisonaiagents/tools/web crawl tools.py accepts arbitrary URLs from AI agents without validation. This includes a...

7.7CVSS6.2AI score0.00269EPSS
Exploits1References10
Rows per page
Query Builder