CVE-2026-60091
PraisionAI before 4.6.78 is affected by an unauthenticated SSRF in the Jobs API /api/v1/runs. The webhook_url parameter is validated at request time but re-resolved at connection time, enabling DNS rebinding to reach internal services via a blind SSRF attack. CVSS metrics: CVSSv3.1 base score 7.2...