Skip to main content

Praisonai CVE-2026-40114

| EUVD-2026-21158 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-09 GitHub_M GHSA-8frj-8q3m-xhgm
SSRF Praisonai
7.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

5
Re-analysis Queued
Apr 17, 2026 - 18:37 vuln.today
cvss_changed
Patch released
Apr 10, 2026 - 20:30 nvd
Patch available
EUVD ID Assigned
Apr 09, 2026 - 21:45 euvd
EUVD-2026-21158
Analysis Generated
Apr 09, 2026 - 21:45 vuln.today
CVE Published
Apr 09, 2026 - 21:18 nvd
HIGH 7.2

DescriptionGitHub Advisory

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server send POST requests to arbitrary internal or external destinations, enabling SSRF against cloud metadata services, internal APIs, and other network-adjacent services. This vulnerability is fixed in 4.5.128.

AnalysisAI

Server-Side Request Forgery in PraisonAI versions prior to 4.5.128 allows unauthenticated remote attackers to force the server to send HTTP POST requests to arbitrary internal or external destinations via an unvalidated webhook_url parameter in the /api/v1/runs endpoint. Attackers can abuse this to access cloud metadata services (AWS/GCP/Azure instance metadata), internal APIs, and network-adjacent services, potentially exposing credentials, configuration data, or triggering unauthorized actions. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send crafted request to /api/v1/runs endpoint
Exploit
Inject arbitrary webhook_url parameter
Execution
Server performs HTTP POST to attacker-controlled destination
Impact
Access internal cloud metadata or APIs
Sign in to reveal

Vulnerability AssessmentAI

Exploitation PraisonAI versions prior to 4.5.128. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 7.2 reflects moderate impact: unauthenticated SSRF via unvalidated webhook_url on /api/v1/runs endpoint. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Attacker submits POST to /api/v1/runs with malicious webhook_url pointing to 169.254.169.254 (AWS metadata). Job completion triggers server POST to attacker-controlled destination, exfiltrating instance credentials. …
Remediation Vendor-released patch: upgrade to PraisonAI version 4.5.128 or later immediately. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running PraisonAI and determine current version via admin console or API endpoint queries. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-40114 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy