9 matches found
CVE-2026-40150
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...
GHSA-QQ9R-63F6-V542 PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback
| Field | Value | |---|---| | Severity | High | | Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access | | Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summary webcrawl's httpx fallback path passes user-supplied URLs directly...
Server-side Request Forgery (SSRF)
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webcrawl function. An attacker can access internal network resources and retrieve sensitive...
PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback
| Field | Value | |---|---| | Severity | High | | Type | SSRF -- unvalidated URL in webcrawl httpx fallback allows internal network access | | Affected | src/praisonai-agents/praisonaiagents/tools/webcrawltools.py:133-180 | Summary webcrawl's httpx fallback path passes user-supplied URLs directly...
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
Summary The webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker or prompt injection in crawled conte...
CVE-2026-40150 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...
CVE-2026-40150
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the webcrawl function in praisonaiagents/tools/webcrawltools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. Thi...
CVE-2026-40150
PraxisonAIAgents’ web_crawl() (praisonaiagents/tools/web_crawl_tools.py) before version 1.5.128 accepts arbitrary URLs with zero validation. There is no scheme allowlisting, hostname/IP blocklisting, or private-network checks prior to fetching, enabling potential SSRF and local file read via file...
PT-2026-31789
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web crawl function in praisonaiagents/tools/web crawl tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching...