CVE-2026-40150
Unrestricted URL Fetch in PraisonAIAgents Enables SSRF
Publication date: 2026-04-09
Last updated on: 2026-04-24
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| praison | praisonaiagents | < 1.5.128 (1.5.128 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the PraisonAIAgents multi-agent system, specifically in the web_crawl() function of praisonaiagents/tools/web_crawl_tools.py before version 1.5.128. This function accepts arbitrary URLs from AI agents without any validation such as scheme allowlisting, hostname or IP blocklisting, or checks against private networks. Because of this lack of validation, an attacker or malicious prompt injection can cause the agent to fetch sensitive internal resources like cloud metadata endpoints, internal services, or local files using file:// URLs.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to sensitive internal resources. An attacker could exploit it to retrieve cloud metadata, internal service data, or local files, potentially exposing confidential information. This could compromise the confidentiality of your system and data, leading to security breaches.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in PraisonAIAgents version 1.5.128. Immediate mitigation involves upgrading the PraisonAIAgents software to version 1.5.128 or later.
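One way to implement the checks the explanation above says were missing (a scheme allowlist plus rejection of loopback, private and link-local destinations, including hostnames that resolve to them), as an added example that is not PraisonAIAgents' own code or its fix; the function name `validate_fetch_url` and the injectable `resolve` parameter are assumptions so the check can be exercised offline.

```python
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Optional
from urllib.parse import urlparse

# Only web schemes may be fetched; file://, gopher://, ftp:// etc. are rejected outright.
ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host: str) -> list[str]:
    """Default resolver: every address (A and AAAA) the host resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def _is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:169.254.169.254) so the inner IPv4 is judged.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url: str, resolve: Callable[[str], list[str]] = _resolve) -> Optional[str]:
    """Return None if the URL may be fetched, otherwise the reason it was rejected.

    Every address the host resolves to is checked, so a DNS name pointing at a
    private or link-local address is rejected just like a literal IP. The caller
    should connect to the addresses validated here (not re-resolve) to avoid a
    rebinding race between check and fetch.
    """
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return "missing host"
    try:
        ipaddress.ip_address(host)          # literal IP: no DNS lookup needed
        addrs = [host]
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            addrs = []
    if not addrs:
        return f"cannot resolve {host!r}"
    for addr in addrs:
        if not _is_public(addr):
            return f"{host!r} resolves to non-public address {addr}"
    return None
```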