CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server send POST requests to arbitrary internal or external destinations, enabling SSRF against cloud metadata services, internal APIs, and other network-adjacent services. This vulnerability is fixed in 4.5.128.
Analysis
Server-Side Request Forgery in PraisonAI versions prior to 4.5.128 allows unauthenticated remote attackers to force the server to send HTTP POST requests to arbitrary internal or external destinations via an unvalidated webhook_url parameter in the /api/v1/runs endpoint. Attackers can abuse this to access cloud metadata services (AWS/GCP/Azure instance metadata), internal APIs, and network-adjacent services, potentially exposing credentials, configuration data, or triggering unauthorized actions. …
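The root cause described above is a webhook destination that is handed straight to an HTTP client without any check on where it points. The following is an added example, not PraisonAI's code and not the patch shipped in 4.5.128, of the kind of validation a run-submission endpoint should apply to webhook_url before the job result is posted with httpx. The function names, the blocked-range list, the metadata host aliases and the demo_resolver lookup table are all constructed for this example; the resolver is injectable so the check can be exercised offline and so a deployment can plug in its own DNS policy.

```python
"""Webhook URL validation against SSRF (added example, not PraisonAI's implementation)."""
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Destinations a job-completion webhook must never reach. Besides RFC 1918,
# loopback and multicast space, 169.254.0.0/16 covers 169.254.169.254, the
# AWS/GCP/Azure instance metadata address named in the advisory.
_BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]
# Names that cloud SDKs resolve to metadata endpoints without any IP literal.
_BLOCKED_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}

Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Resolve host to every A/AAAA record so each address can be checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed lookup table standing in for DNS so the example runs offline.
_DEMO_DNS = {
    "hooks.example.com": ["203.0.113.10"],
    "rebind.example.net": ["203.0.113.20", "10.0.0.5"],  # public and private records
}


def demo_resolver(host: str) -> list[str]:
    """Offline stand-in for system_resolver; raises like getaddrinfo on a miss."""
    try:
        return _DEMO_DNS[host]
    except KeyError:
        raise socket.gaierror(f"{host!r} did not resolve") from None


def _is_blocked_ip(ip_str: str) -> bool:
    ip = ipaddress.ip_address(ip_str)
    # An IPv4-mapped IPv6 literal such as ::ffff:169.254.169.254 is judged as IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return any(ip in net for net in _BLOCKED_NETWORKS)


def validate_webhook_url(url: str, resolver: Resolver = system_resolver) -> list[str]:
    """Return the resolved addresses the webhook may be delivered to, or raise ValueError.

    The caller should connect to one of the returned addresses (keeping the original
    Host header) instead of re-resolving the name, which closes the DNS-rebinding
    window between this check and the actual POST.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in webhook_url are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("webhook_url has no host")
    if host.rstrip(".").lower() in _BLOCKED_HOSTS:
        raise ValueError(f"host {host!r} is a metadata alias")
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # IP literal: nothing to resolve
    except ValueError:
        try:
            addrs = list(resolver(host))
        except OSError as exc:  # socket.gaierror is an OSError
            raise ValueError(f"{host!r} did not resolve: {exc}") from None
    if not addrs:
        raise ValueError(f"{host!r} did not resolve")
    # Every record is checked: a name with one public and one private answer is rejected.
    for addr in addrs:
        if _is_blocked_ip(addr):
            raise ValueError(f"{host!r} resolves to blocked address {addr}")
    return addrs


def is_safe_webhook_url(url: str, resolver: Resolver = system_resolver) -> bool:
    """Boolean wrapper for request handlers that only need accept/reject."""
    try:
        validate_webhook_url(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("https://hooks.example.com/run-done",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://rebind.example.net/"):
        print(candidate, "->", is_safe_webhook_url(candidate, demo_resolver))
```

Two caveats go with a deny-list like this. First, it is a floor, not a ceiling: deployments with internal services on public-looking ranges (or reachable through a proxy on localhost) need those added, and where the set of legitimate webhook receivers is known, an allowlist of permitted hosts is the stronger control and lines up with the remediation advice to disable webhook_url entirely when it is not needed. Second, the check must be paired with the delivery code: httpx does not follow redirects unless follow_redirects=True is set, so keep the default, and connect to the validated address rather than letting the client resolve the name again.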
Remediation
Within 24 hours: Identify all systems running PraisonAI and determine the current version via the admin console or API endpoint queries; any version earlier than 4.5.128 is affected. Within 7 days: Upgrade to 4.5.128 or later. Where that cannot yet be done, restrict network access to the /api/v1/runs endpoint using WAF/firewall rules to block external traffic, and disable webhook_url parameter processing if it is not operationally required. …
References
EUVD-2026-21158
GHSA-8frj-8q3m-xhgm