Which versions of Praisonaiagents are affected by CVE-2026-40160?

PraisonAIAgents versions before 1.5.128 contain an unauthenticated Server-Side Request Forgery vulnerability that allows attackers to redirect the application into crawling internal systems, cloud…. A patch is available.

How to fix or mitigate CVE-2026-40160?

Within 24 hours: Inventory all PraisonAIAgents deployments and confirm current version (check requirements.txt or pip show praisonaiagents). Within 7 days: Upgrade all instances to version 1.5.128 or later; confirm Tavily API keys are configured in production to disable fallback crawlers, or deploy Crawl4AI as a validated alternative. Within 30 days: Implement network segmentation to restrict outbound HTTP/HTTPS from PraisonAI processes, add WAF/proxy rules to block requests to 169.254.169.254 and internal RFC1918 ranges, and conduct log review for suspicious URL patterns in agent inputs.

Praisonaiagents CVE-2026-40160

Q: What is the CVSS score of CVE-2026-40160?

CVE-2026-40160 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21513 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2026-04-10 GitHub_M

GHSA-qq9r-63f6-v542

SSRF Praisonaiagents

7.1

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.1 HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 20, 2026 - 20:22 vuln.today

cvss_changed

Patch released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 10, 2026 - 17:15 euvd

EUVD-2026-21513

Analysis Generated

Apr 10, 2026 - 17:15 vuln.today

CVE Published

Apr 10, 2026 - 16:59 nvd

HIGH 7.1

DescriptionGitHub Advisory

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints (169.254.169.254), internal services, and localhost. The response content is returned to the agent and may appear in output visible to the attacker. This fallback is the default crawl path on a fresh PraisonAI installation (no Tavily key, no Crawl4AI installed). This vulnerability is fixed in 1.5.128.

AnalysisAI

Server-Side Request Forgery (SSRF) in PraisonAIAgents versions prior to 1.5.128 allows unauthenticated attackers to manipulate LLM agents into crawling arbitrary internal URLs. The httpx fallback crawler accepts user-supplied URLs without host validation and follows redirects, enabling access to cloud metadata endpoints (169.254.169.254), internal services, and localhost. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Trick LLM agent into crawling internal URL

Delivery

httpx fallback processes URL without validation

Exploit

Request reaches metadata endpoint or internal service

Execution

Response returned to agent output

Impact

Attacker reads sensitive data