PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs...

7.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Description

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.

Basic Information

ID CVE-2026-40150

Source GitHub_M

Published Apr 9, 2026 at 21:26

Affected Product

Vendor MervinPraison

Product PraisonAIAgents

Version < 1.5.128

Affected Versions MervinPraison PraisonAIAgents < 1.5.128

CWE Classification

CWE-918

References

github.com /MervinPraison/PraisonAI/security/advisories/GHSA-8f4v-xfm9-3244

{
    "lastseen": "",
    "description": "PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.",
    "published": "2026-04-09T21:26:09.572Z",
    "modified": "2026-04-09T21:26:09.572Z",
    "type": "cve",
    "title": "PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool",
    "source": "GitHub_M",
    "references": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8f4v-xfm9-3244",
    "id": "CVE-2026-40150",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "MervinPraison PraisonAIAgents < 1.5.128",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PraisonAIAgents",
    "version": "< 1.5.128",
    "vendor": "MervinPraison",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool_CVE-2026-40150