CVE-2026-34954

HIGH

PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL

Title source: cna

Description

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.

References (1)

[X_Refsource_Confirm] https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-44c2-3rw4-5gvh

Scores

CVSS v3 8.6

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (4)

MervinPraison/PraisonAI < 1.5.95

praison/praisonai < 1.5.95

praison/praisonaiagents < 1.5.95

pypi/praisonaiagents 0 - 1.5.95PyPI

Published Apr 03, 2026

Tracked Since Apr 04, 2026