CVE-2026-40150
Received Received - Intake
Unrestricted URL Fetch in PraisonAIAgents Enables SSRF

Publication date: 2026-04-09

Last updated on: 2026-04-24

Assigner: GitHub, Inc.

Description
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-09
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40150
EUVD
EUVD-2026-21170
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
praison praisonaiagents to 1.5.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the PraisonAIAgents multi-agent system, specifically in the web_crawl() function of praisonaiagents/tools/web_crawl_tools.py before version 1.5.128. This function accepts arbitrary URLs from AI agents without any validation such as scheme allowlisting, hostname or IP blocklisting, or checks against private networks. Because of this lack of validation, an attacker or malicious prompt injection can cause the agent to fetch sensitive internal resources like cloud metadata endpoints, internal services, or local files using file:// URLs.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive internal resources. An attacker could exploit it to retrieve cloud metadata, internal service data, or local files, potentially exposing confidential information. This could compromise the confidentiality of your system and data, leading to security breaches.

Mitigation Strategies

The vulnerability is fixed in PraisonAIAgents version 1.5.128. Immediate mitigation involves upgrading the PraisonAIAgents software to version 1.5.128 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40150. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart