Platform: python
Component: praisonai
Fixed in: 4.5.91, 4.5.90
CVE-2026-34936 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in praisonai, a Python library. This flaw allows an attacker to manipulate the api_base parameter within the passthrough() and apassthrough() functions, bypassing security controls and potentially accessing internal resources. The vulnerability affects versions of praisonai up to and including 4.5.9, and a fix is available in version 4.5.90.
The SSRF vulnerability in praisonai allows an attacker to craft malicious requests that appear to originate from the server itself. This can lead to unauthorized access to internal services, data exfiltration, and potentially even remote code execution if the targeted internal service is vulnerable. An attacker could, for example, scan internal networks, access cloud metadata services, or interact with internal APIs without proper authentication. The lack of URL scheme validation and domain allowlisting significantly expands the potential attack surface, making it possible to target a wide range of internal resources.
CVE-2026-34936 was publicly disclosed on 2026-04-01. Currently, there are no known public proof-of-concept exploits available. The EPSS score is pending evaluation. It is recommended to prioritize patching due to the potential for significant impact if exploited.
Exploit Status
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-34936 is to upgrade to praisonai version 4.5.90 or later, which includes the necessary fixes. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter outbound requests and block those targeting internal IP addresses or sensitive endpoints. Additionally, carefully review and restrict the permissions granted to the praisonai application to minimize the potential impact of a successful exploit. Monitor network traffic for unusual outbound requests originating from the praisonai application.
Update PraisonAI to version 4.5.90 or higher to mitigate the SSRF vulnerability. This version corrects the lack of URL validation in the api_base parameter, preventing requests to unauthorized hosts.
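The two controls the advisory says were missing from the api_base handling (URL scheme validation and a host allowlist) can also be enforced by the calling application before the value ever reaches passthrough() or apassthrough(). The Python below is an added example written for this page, not code from the praisonai project: the function names check_api_base and validate_api_base, the https-only policy, the allowlist contents, the optional resolver hook and every sample input are constructed for illustration. It goes slightly beyond the advisory's wording by also rejecting userinfo tricks, literal internal addresses (including the link-local cloud metadata range) and allowlisted names that resolve to internal addresses.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Only TLS-protected HTTP is acceptable for an LLM API base; file://, gopher://,
# plain http:// and similar are refused outright (constructed policy for this example).
ALLOWED_SCHEMES = {"https"}


def _is_internal(ip):
    """True for any address that must never be an outbound API target:
    loopback, RFC 1918, link-local (including the 169.254.169.254 metadata
    address), multicast, and anything else the ipaddress module does not
    consider globally routable."""
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_multicast or not ip.is_global


def check_api_base(api_base, allowed_hosts, resolver=None):
    """Validate a caller-supplied api_base value.

    Returns (True, normalized_url) when the value is safe to forward, or
    (False, reason) otherwise. `resolver` is an optional callable mapping a
    hostname to a list of IP strings; when given, every resolved address is
    checked too, so an allowlisted name that points at an internal address
    (misconfiguration or DNS rebinding) is still refused. Hypothetical hook,
    not a praisonai API.
    """
    try:
        parts = urlsplit(api_base)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    # "https://api.example.com@127.0.0.1/" parses with a userinfo part; refuse it
    # rather than let an allowlisted-looking prefix mislead a reviewer.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"

    host = parts.hostname
    if not host:
        return False, "missing host"
    host = host.rstrip(".").lower()

    # Literal IP in the host position: apply the address policy directly.
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None
    if literal is not None and _is_internal(literal):
        return False, f"address {host} is not globally routable"

    if host not in {h.lower() for h in allowed_hosts}:
        return False, f"host {host!r} not in allowlist"

    if resolver is not None and literal is None:
        for addr in resolver(host):
            if _is_internal(ipaddress.ip_address(addr)):
                return False, f"{host} resolves to internal address {addr}"

    # Drop any fragment and rebuild so the caller forwards exactly what was checked.
    return True, urlunsplit((parts.scheme.lower(), parts.netloc, parts.path, parts.query, ""))


def validate_api_base(api_base, allowed_hosts, resolver=None):
    """Same check, but raises ValueError; convenient right before the passthrough call."""
    ok, result = check_api_base(api_base, allowed_hosts, resolver)
    if not ok:
        raise ValueError(result)
    return result


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate base, several SSRF-style values.
    allow = {"api.openai.com"}
    samples = [
        "https://api.openai.com/v1",
        "http://api.openai.com/v1",
        "https://169.254.169.254/latest/meta-data/",
        "https://api.openai.com@127.0.0.1/v1",
        "https://[::ffff:127.0.0.1]/v1",
        "https://internal-llm.corp.local/v1",
    ]
    for sample in samples:
        print(f"{sample:45} -> {check_api_base(sample, allow)}")
```

The allowlist is checked by exact hostname rather than by substring or suffix, which is what defeats values like `api.openai.com.attacker.example`; the resolver hook is deliberately optional so the function stays usable offline, but in production it should be wired to the same resolution path the HTTP client uses.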
CVE-2026-34936 is a Server-Side Request Forgery (SSRF) vulnerability affecting praisonai versions up to 4.5.9. It allows attackers to send requests to any reachable host from the server.
You are affected if you are using praisonai version 4.5.9 or earlier. Upgrade to 4.5.90 to mitigate the risk.
Upgrade to praisonai version 4.5.90 or later. As a temporary workaround, implement a WAF or proxy to filter outbound requests.
There are currently no known active exploits, but it is recommended to patch promptly due to the potential for significant impact.
Refer to the praisonai project's official channels (e.g., GitHub repository, mailing list) for the latest advisory and security updates.