CVE-2026-40150
HIGHPraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
Title source: cnaDescription
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8f4v-xfm9-3244
Scores
CVSS v3
7.7
EPSS
0.0027
EPSS Percentile
18.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
MervinPraison/PraisonAIAgents
< 1.5.128
pypi/praisonaiagents
0 - 1.5.128PyPI
Published
Apr 09, 2026
Tracked Since
Apr 10, 2026