Platform
python
Component
praisonaiagents
Fixed in
1.5.96
1.5.95
CVE-2026-34954 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the praisonaiagents Python library. This flaw allows an attacker to leverage the FileTools.download_file() function to make arbitrary requests to internal network services or cloud metadata endpoints, potentially exposing sensitive information. The vulnerability impacts versions of praisonaiagents up to and including 1.5.94, and a fix is available in version 1.5.95.
The SSRF vulnerability in praisonaiagents arises from insufficient validation of the url parameter within the FileTools.downloadfile() function. The code directly passes this unvalidated URL to httpx.stream() with followredirects=True, enabling an attacker to control the destination of the request. This allows access to internal resources that should be inaccessible from the outside. Attackers could potentially retrieve sensitive data from cloud metadata services (e.g., AWS instance IDs, Azure credentials), access internal databases, or even trigger actions on other internal systems. The blast radius extends to any service accessible from the server running praisonaiagents, making it a significant security risk.
This vulnerability was publicly disclosed on 2026-04-01. There is currently no indication of active exploitation campaigns targeting this specific vulnerability. No public proof-of-concept exploits have been released. The vulnerability is not currently listed on the CISA KEV catalog. The SSRF nature of the vulnerability means it could be exploited opportunistically if an attacker gains access to a system running a vulnerable version of praisonaiagents.
Exploit Status
EPSS
0.04% (13% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-34954 is to upgrade to version 1.5.95 or later of praisonaiagents. This version includes the necessary validation to prevent the SSRF vulnerability. If an immediate upgrade is not feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound requests and block those targeting internal or sensitive endpoints. Additionally, restrict network access to the server running praisonaiagents to only necessary ports and services. Carefully review and restrict the permissions granted to the user account running the praisonaiagents process to minimize potential damage. After upgrading, confirm the fix by attempting to trigger the download with a URL pointing to an internal service; the request should be blocked.
Update PraisonAI to version 1.5.95 or higher to mitigate the SSRF vulnerability. This update correctly validates the URL provided to the download_file() method, preventing unauthorized access to internal and external resources.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-34954 is a Server-Side Request Forgery (SSRF) vulnerability in the praisonaiagents library, allowing attackers to make unauthorized requests to internal services.
You are affected if you are using praisonaiagents versions 1.5.94 or earlier. Upgrade to 1.5.95 to mitigate the risk.
Upgrade to version 1.5.95 or later of praisonaiagents. Consider WAF rules or proxy filtering as a temporary workaround if immediate upgrade is not possible.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability means it could be exploited opportunistically.
Refer to the praisonaiagents project's official release notes and security advisories for the most up-to-date information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.