CVE-2026-61429
Received Received - Intake

PraisonAI SSRF via DNS Rebinding and Redirects Before 1.6.78

Vulnerability report for CVE-2026-61429, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-11

Last updated on: 2026-07-11

Assigner: VulnCheck

Description

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial validation check, enabling the headless browser to follow redirects and read internal responses including sensitive canary values.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-11
Last Modified
2026-07-11
Generated
2026-07-11
AI Q&A
2026-07-11
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
praisonai praisonai to 1.6.78 (exc)
mervinpraison praisonai to 1.6.78 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-61429 is a Server-Side Request Forgery (SSRF) vulnerability in PraisonAI versions before 1.6.78, specifically affecting the Crawl4AI/Chromium backend.

The vulnerability allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers craft URLs that initially pass validation but then resolve to internal services after the check.

This enables the headless browser to follow redirects and access internal responses, including sensitive canary values.

The root cause is a lack of per-connection validation and IP pinning in the headless browser, leading to a Time-of-Check Time-of-Use (TOCTOU) race condition.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive internal data by allowing attackers to bypass SSRF protections.

Attackers can exploit DNS rebinding and HTTP redirects to make the headless browser access internal services and read sensitive information such as canary values.

The impact on confidentiality is high, meaning sensitive information exposure is a significant risk.

The integrity impact is low, and availability is not affected.

Detection Guidance

Detection of this SSRF vulnerability involves monitoring for unusual DNS rebinding or HTTP redirect patterns that lead to internal service access after initial validation.

One approach is to analyze network traffic for requests from the PraisonAI Crawl4AI/Chromium backend that resolve to internal IP addresses following redirects or DNS changes.

Commands to assist detection might include using network monitoring tools like tcpdump or Wireshark to capture traffic, for example:

  • tcpdump -i <interface> host <praisonai_server_ip> and port <relevant_port>
  • Use curl or similar tools to test for SSRF by crafting URLs that attempt DNS rebinding or redirects to internal IPs and observe responses.

Additionally, reviewing application logs for unexpected internal service access or redirect chains can help identify exploitation attempts.

Mitigation Strategies

Immediate mitigation involves upgrading PraisonAI to version 1.6.78 or later, where the SSRF vulnerability in the Crawl4AI/Chromium backend has been fixed.

The fix includes implementing resolve-once IP pinning and per-connection validation to prevent DNS rebinding and redirect bypasses.

If upgrading is not immediately possible, consider restricting network access from the PraisonAI server to internal services to limit potential SSRF exploitation.

Monitoring and alerting on unusual outbound requests from the PraisonAI service can also help detect and respond to exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61429. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart