CVE-2026-40150: CWE-918: Server-Side Request Forgery (SSRF) in MervinPraison PraisonAIAgents
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.
AI Analysis
Technical Summary
PraisonAIAgents versions before 1.5.128 contain an SSRF vulnerability in the web_crawl() function located in praisonaiagents/tools/web_crawl_tools.py. The function does not perform any validation on URLs provided by AI agents, lacking scheme allowlisting, hostname/IP blocklisting, or private network checks. This allows attackers or malicious prompt injections to cause the agent to fetch internal resources including cloud metadata endpoints or local files via file:// URLs. The vulnerability is addressed in version 1.5.128.
Potential Impact
Successful exploitation can lead to unauthorized access to sensitive internal resources such as cloud metadata services or local files, potentially exposing confidential information. The vulnerability does not directly impact integrity or availability but can result in significant confidentiality breaches. The CVSS score of 7.7 reflects a high severity due to network attack vector, low attack complexity, and high confidentiality impact.
Mitigation Recommendations
Upgrade PraisonAIAgents to version 1.5.128 or later, where this SSRF vulnerability is fixed. Since no official remediation level or patch links are provided beyond the version fix, applying this update is the recommended action. Patch status is confirmed by the vendor's versioning information. No additional mitigations are specified.
CVE-2026-40150: CWE-918: Server-Side Request Forgery (SSRF) in MervinPraison PraisonAIAgents
Description
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
PraisonAIAgents versions before 1.5.128 contain an SSRF vulnerability in the web_crawl() function located in praisonaiagents/tools/web_crawl_tools.py. The function does not perform any validation on URLs provided by AI agents, lacking scheme allowlisting, hostname/IP blocklisting, or private network checks. This allows attackers or malicious prompt injections to cause the agent to fetch internal resources including cloud metadata endpoints or local files via file:// URLs. The vulnerability is addressed in version 1.5.128.
Potential Impact
Successful exploitation can lead to unauthorized access to sensitive internal resources such as cloud metadata services or local files, potentially exposing confidential information. The vulnerability does not directly impact integrity or availability but can result in significant confidentiality breaches. The CVSS score of 7.7 reflects a high severity due to network attack vector, low attack complexity, and high confidentiality impact.
Mitigation Recommendations
Upgrade PraisonAIAgents to version 1.5.128 or later, where this SSRF vulnerability is fixed. Since no official remediation level or patch links are provided beyond the version fix, applying this update is the recommended action. Patch status is confirmed by the vendor's versioning information. No additional mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T19:31:56.013Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d843771cc7ad14da3fb5c6
Added to database: 4/10/2026, 12:25:27 AM
Last enriched: 4/10/2026, 12:36:06 AM
Last updated: 4/10/2026, 8:14:25 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.