CVE-2026-40150
Published: 2026-04-09
Priority: P3 · 42 · Medium 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.27% (18.4th percentile)
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mervinpraison | praisonaiagents | < 1.5.128 | 1.5.128 |
| mervinpraison | praisonaiagents | >= 0 < 1.5.128 | 1.5.128 |
| praison | praisonaiagents | < 1.5.128 | 1.5.128 |
GHSA · 2026-04-10 · CVE-2026-40150 [HIGH] CWE-918
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
## Summary
The `web_crawl()` function in `praisonaiagents/tools/web_crawl_tools.py` accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via `file://` URLs.
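The Summary names the three controls that were absent before the fetch: a scheme allowlist, a hostname/IP blocklist, and a private-network check. The block below is an added example, not PraisonAIAgents code, of a pre-fetch gate that applies all three to the same str-or-list input shape `web_crawl()` accepts. Every name in it (`validate_crawl_url`, `filter_crawl_urls`, `is_public_ip`, `offline_resolver`, `DEMO_DNS`) is an assumption, and the DNS table is constructed so the demo runs offline.

```python
# Added example, not code from PraisonAIAgents: a pre-fetch URL gate that
# enforces the three controls the advisory says web_crawl() lacked
# (scheme allowlist, hostname/IP blocklist, private-network check on the
# resolved addresses). All names here are assumptions, not the project's API.
import ipaddress
import socket
from typing import Callable, List, Tuple, Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}          # file://, ftp://, gopher:// etc. are rejected
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}  # name-level backstop only

# Constructed DNS table so the demo and tests run offline; real code passes
# socket.getaddrinfo (the default) instead.
DEMO_DNS = {"example.com": "93.184.216.34", "intranet.corp": "10.0.0.5"}


def offline_resolver(host, port=None, **kwargs):
    """getaddrinfo-shaped lookup over DEMO_DNS; unknown names fail like real DNS."""
    if host not in DEMO_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP, "",
             (DEMO_DNS[host], port or 0))]


def is_public_ip(ip) -> bool:
    """True only for globally routable unicast addresses."""
    mapped = getattr(ip, "ipv4_mapped", None)   # unwrap ::ffff:a.b.c.d to its IPv4
    if mapped is not None:
        ip = mapped
    # One decision covers loopback, RFC 1918/ULA, link-local (169.254.0.0/16,
    # where cloud metadata lives), multicast, reserved and the unspecified address.
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_crawl_url(url: str, resolver: Callable = socket.getaddrinfo) -> Tuple[bool, str]:
    """Return (ok, reason). Only http(s) to a public host passes."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme or '<none>'}"
    host = parts.hostname
    if not host:
        return False, "missing hostname"
    if host.lower().rstrip(".") in BLOCKED_HOSTNAMES:
        return False, f"blocked hostname: {host}"
    try:                                # literal IPv4/IPv6 host (urlsplit strips the [] )
        addrs = [ipaddress.ip_address(host)]
    except ValueError:                  # a name: resolve it and check every answer
        try:
            infos = resolver(host, parts.port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            return False, f"DNS resolution failed: {exc}"
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    for ip in addrs:
        if not is_public_ip(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


def filter_crawl_urls(urls: Union[str, List[str]],
                      resolver: Callable = socket.getaddrinfo):
    """Mirror web_crawl()'s str-or-list input: return (allowed, [(url, reason), ...])."""
    if isinstance(urls, str):
        urls = [urls]
    allowed, rejected = [], []
    for url in urls:
        ok, reason = validate_crawl_url(url, resolver)
        if ok:
            allowed.append(url)
        else:
            rejected.append((url, reason))
    return allowed, rejected


if __name__ == "__main__":
    demo = ["https://example.com/", "file:///etc/passwd",
            "http://169.254.169.254/latest/meta-data/", "http://[::1]:8080/",
            "https://intranet.corp/admin", "http://localhost/"]
    ok, bad = filter_crawl_urls(demo, resolver=offline_resolver)
    print("allowed:", ok)
    for url, why in bad:
        print("rejected:", url, "->", why)
```

Two caveats apply to any gate of this shape. Validating the resolved address and then letting an HTTP client resolve the name again leaves a window for DNS rebinding, so the fetch should connect to the address that was checked (or the check should run inside the client's connection hook). Redirects are a second path around the gate: either disable automatic redirects or run the same check on every hop. The gate also belongs in the tool itself, so that it runs regardless of how the URL reached the agent, including via prompt injection in previously crawled content.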
## Details
The `web_crawl()` function at `web_crawl_tools.py:182` accepts a URL string or list of URLs and passes them directly to HTTP clients without any SSRF protections:
```python
# web_crawl_tools.py:182-234 (excerpt; the advisory quotes only the first lines of the signature)
from typing import List, Optional, Union

def web_crawl(
    urls: Union[str, List[str]],
    provider: Optional[str] = None,
):  # remaining parameters and body are not reproduced in the excerpt
    ...
```
VulDB · 2026-04-10 · CVSS 7.7
CVE-2026-40150 [HIGH] MervinPraison PraisonAIAgents up to 1.5.127 web_crawl_tools.py server-side request forgery (GHSA-8f4v-xfm9-3244)
A vulnerability, which was classified as critical, has been found in MervinPraison PraisonAIAgents up to 1.5.127. The affected element is an unknown function of the file praisonaiagents/tools/web_crawl_tools.py. This manipulation causes server-side request forgery.
This vulnerability is handled as CVE-2026-40150. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.