PraisonAIAgents versions before 1.5.128 contain an SSRF vulnerability (CWE-918) in the web_crawl() function located in praisonaiagents/tools/web_crawl_tools.py. This function does not validate URLs received from AI agents, lacking any scheme allowlisting, hostname/IP blocklisting, or checks against private network addresses. Consequently, an attacker or malicious content can trigger the agent to fetch unintended internal or local resources, such as cloud metadata endpoints or local files via file:// URLs. The vulnerability is addressed in version 1.5.128. The CVSS 3.1 base score is 7.7, reflecting a high severity with network attack vector, low attack complexity, requiring low privileges but no user interaction, and impacts confidentiality but not integrity or availability.

Successful exploitation allows an attacker to induce the vulnerable system to make unauthorized requests to internal or cloud metadata services, potentially exposing sensitive information. The confidentiality of internal resources can be compromised, but there is no direct impact on integrity or availability according to the CVSS vector. This could lead to information disclosure of sensitive internal endpoints or local files accessible to the agent.

Upgrade PraisonAIAgents to version 1.5.128 or later, where this SSRF vulnerability is fixed. Since no official patch link or remediation level is explicitly provided beyond the version fix, users should verify the upgrade from the vendor's official releases. No alternative mitigations or temporary fixes are indicated in the advisory.