Description
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q9pw-vmhh-384g
Scores
CVSS v3
9.8
EPSS
0.0005
EPSS Percentile
17.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (3)
MervinPraison/PraisonAI
< 1.6.32
praison/praisonaiagents
< 1.6.32
pypi/praisonaiagents
0 - 1.6.32PyPI
Published
May 08, 2026
Tracked Since
May 08, 2026