What is the CVSS score of CVE-2026-40150?

CVE-2026-40150 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Praisonaiagents are affected by CVE-2026-40150?

CVE-2026-40150 affects PraisonAIAgents versions below 1.5.128 and enables authenticated users to conduct server-side request forgery attacks through the web_crawl() function, potentially exposing…. A patch is available.

How to fix or mitigate CVE-2026-40150?

Within 24 hours: Inventory all deployments of PraisonAIAgents and identify current versions; audit access logs for suspicious web_crawl() activity targeting 127.0.0.1, 169.254.169.254 (AWS metadata), or internal hostnames. Within 7 days: Upgrade to PraisonAIAgents version 1.5.128 or later if available; if unavailable, implement network-level egress controls restricting agent processes from reaching private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and cloud metadata endpoints. Within 30 days: Conduct security review of all agent definitions and associated IAM/API key permissions; implement principle-of-least-privilege access for authenticated users interacting with multi-agent systems.

Praisonaiagents CVE-2026-40150

EUVD-2026-21170 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-04-09 GitHub_M

GHSA-8f4v-xfm9-3244

SSRF Praisonaiagents

7.7

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.7 HIGH

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 15:07 vuln.today

cvss_changed

Patch released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21170

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

CVE Published

Apr 09, 2026 - 21:26 nvd

HIGH 7.7

DescriptionGitHub Advisory

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.

AnalysisAI

Server-side request forgery in PraisonAIAgents multi-agent system allows authenticated attackers to force internal network reconnaissance and data exfiltration through unvalidated URL crawling. The web_crawl() function in versions prior to 1.5.128 accepts arbitrary URLs from AI agents without scheme allowlisting, hostname blocking, or private network checks, enabling access to cloud metadata endpoints (AWS/Azure/GCP), internal services, and local filesystems via file:// URIs. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Inject malicious URL via prompt injection

Exploit

AI agent passes URL to web_crawl()

Execution

Function fetches internal metadata endpoint

Impact

Attacker retrieves sensitive cloud credentials

Access

Inject malicious URL via prompt injection

Exploit

AI agent passes URL to web_crawl()

Execution

Function fetches internal metadata endpoint

Impact

Attacker retrieves sensitive cloud credentials

Vulnerability AssessmentAI

Exploitation	Requires authenticated access to PraisonAIAgents versions prior to 1.5.128 with ability to control AI agent prompts or inject URLs into crawled content. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.7 reflects high confidentiality impact via SSRF; authenticated agents bypass URL validation to access metadata endpoints and internal services. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker injects prompt directing AI agent to crawl http://169.254.169.254/latest/meta-data (AWS) or internal service URL. Agent's web_crawl() function lacks hostname validation, fetches request unauthenticated to internal network, exfiltrates credentials or service config. …
Remediation	Vendor-released patch: version 1.5.128 implements URL validation controls including scheme allowlisting and private network filtering. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all deployments of PraisonAIAgents and identify current versions; audit access logs for suspicious web_crawl() activity targeting 127.0.0.1, 169.254.169.254 (AWS metadata), or internal hostnames. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-40150 vulnerability details – vuln.today

Back

Praisonaiagents CVE-2026-40150

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code