CVE-2026-40114
Published 2026-04-09
Priority: P2 · 71 · CVSS 3.1: 10.0 critical · Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.28% (19.7th percentile)
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server send POST requests to arbitrary internal or external destinations, enabling SSRF against cloud metadata services, internal APIs, and other network-adjacent services. This vulnerability is fixed in 4.5.128.
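The missing check, as an added example that is not PraisonAI's code and not the 4.5.128 patch: a validator for a user-supplied `webhook_url` that rejects non-HTTP schemes and embedded credentials, resolves hostnames, and refuses any answer that is loopback, private, link-local (which covers the 169.254.169.254 metadata endpoint), multicast or otherwise non-global, including IPv4-mapped IPv6 spellings. The function names, the `FAKE_DNS` table and the sample URLs are assumptions constructed for this illustration; `system_resolver` is the real path and calls `socket.getaddrinfo`.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Union
from urllib.parse import urlsplit

# Added example, not PraisonAI's code: a webhook_url validator of the kind the
# 4.5.128 fix needs. All names below are assumptions made for this illustration.

ALLOWED_SCHEMES = {"http", "https"}
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
HostResolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname with the OS resolver (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS table so the example runs offline. On glibc, getaddrinfo()
# also accepts decimal and hex IPv4 spellings such as "2130706433", which is
# why hostnames are resolved and judged by address rather than by spelling.
FAKE_DNS: Dict[str, List[str]] = {
    "hooks.example.com": ["8.8.8.8"],                 # public address, stand-in for a real webhook host
    "localhost": ["127.0.0.1"],
    "2130706433": ["127.0.0.1"],                      # decimal spelling of 127.0.0.1
    "metadata.internal": ["169.254.169.254"],         # cloud metadata service
    "rebind.attacker.test": ["8.8.8.8", "10.0.0.5"],  # one public and one private answer
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def _is_disallowed(ip: IPAddress) -> bool:
    """True for any address a server-initiated webhook must never reach."""
    # Judge IPv4-mapped IPv6 (::ffff:169.254.169.254) as the IPv4 address it wraps.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # "not is_global" covers loopback, RFC 1918, link-local (169.254/16, so the
    # metadata endpoint), CGNAT, reserved and unspecified; multicast is added explicitly.
    return (not ip.is_global) or ip.is_multicast


def validate_webhook_url(url: str, resolver: HostResolver = system_resolver) -> str:
    """Validate a user-supplied webhook URL and return the IP literal to connect to.

    Raises ValueError for any URL the server must not POST to. The caller should
    connect to the returned address (IP pinning) instead of resolving the name a
    second time, so a changed DNS answer cannot slip between check and request.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in webhook URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("webhook URL has no host")
    try:
        candidates = [str(ipaddress.ip_address(host))]  # literal IP, checked directly
    except ValueError:
        candidates = resolver(host)                       # hostname: check every answer
        if not candidates:
            raise ValueError(f"host does not resolve: {host!r}")
    for literal in candidates:
        if _is_disallowed(ipaddress.ip_address(literal)):
            raise ValueError(f"{host!r} resolves to disallowed address {literal}")
    return candidates[0]


def is_safe_webhook_url(url: str, resolver: HostResolver = system_resolver) -> bool:
    """Boolean form of validate_webhook_url for callers that only need accept/reject."""
    try:
        validate_webhook_url(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("https://hooks.example.com/jobs/done",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:169.254.169.254]/",
                      "http://localhost:8000/", "http://2130706433/",
                      "http://rebind.attacker.test/", "file:///etc/passwd"):
        verdict = "accept" if is_safe_webhook_url(candidate, fake_resolver) else "reject"
        print(f"{candidate:48} {verdict}")
```

Two caveats belong with the check. First, the validator must run where the job is submitted and the address it returns must be the one the completion callback connects to; re-resolving `webhook_url` at callback time reopens the window for a DNS-rebinding answer. Second, the callback should keep `httpx.AsyncClient`'s default of not following redirects, because a 302 from an accepted public host to 169.254.169.254 would otherwise bypass every check above.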
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mervinpraison | praisonai | < 4.5.128 | 4.5.128 |
| mervinpraison | praisonai | >= 0 < 4.5.128 | 4.5.128 |
| praison | praisonai | < 4.5.128 | 4.5.128 |
VulDB
MervinPraison PraisonAI up to 4.5.127 HTTP POST Request /api/v1/runs webhook_url server-side request forgery (GHSA-8frj-8q3m-xhgm)
vuldb · 2026-04-10 · CVE-2026-40114 · HIGH · CVSS 7.2
A vulnerability was found in MervinPraison PraisonAI up to 4.5.127. It has been rated as critical. The affected element is the webhook_url parameter of the /api/v1/runs endpoint in the HTTP POST request handler. Manipulating it results in server-side request forgery.
This vulnerability is cataloged as CVE-2026-40114. The attack can be initiated remotely. No exploit is available.
Upgrading the affected component is advised.
GHSA
PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
ghsa · 2026-04-10 · CVE-2026-40114 · HIGH · CWE-918
## Summary
The `/api/v1/runs` endpoint accepts an arbitrary `webhook_url` in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using `httpx.AsyncClient`. An unauthenticated attacker can use this to make the server send POST requests to arbitrary internal or external destinations, enabling SSRF against cloud metadata services, internal APIs, and other network-adjacent services.
## Details
The vulnerability exists across the full request lifecycle:
**1. User input accepted without validation** (`models.py:32`):
```python
from typing import Optional

from pydantic import BaseModel, Field


class JobSubmitRequest(BaseModel):
    # Accepted as a free-form string: no scheme, host or address-range check
    # is applied before the URL is stored and later POSTed to on completion.
    webhook_url: Optional[str] = Field(None)  # description= argument is cut off in the advisory excerpt
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.