Platform: python
Component: praisonaiagents
Fixed in: 1.5.129
CVE-2026-40150 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in PraisonAIAgents, a system for running multi-agent teams. This flaw allows attackers to manipulate the system into making requests to unintended internal or external resources, potentially leading to data exposure or unauthorized access. The vulnerability affects versions 1.5.0 up to, but not including, 1.5.128. A fix is available in version 1.5.128.
The SSRF vulnerability in PraisonAIAgents arises from insufficient validation of URLs provided to the web_crawl() function. Malicious actors, or prompt-injected instructions within crawled content, can supply URLs that direct the agent to fetch sensitive data. This could include accessing cloud metadata endpoints (e.g., AWS instance IDs, Azure credentials), internal services that are not publicly exposed, or even local files accessible via file:// URLs. The blast radius extends to any data accessible by the PraisonAIAgents process, potentially compromising the entire system and any connected resources. Exploitation could lead to unauthorized access to sensitive information, lateral movement within the network, and even remote code execution if the fetched data is subsequently processed without proper sanitization.
CVE-2026-40150 was publicly disclosed on 2026-04-09. There is currently no indication of active exploitation in the wild, and no public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is likely to be low to medium, reflecting the lack of public exploitation and readily available PoCs.
Exploit Status
EPSS: 0.03% (9th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-40150 is to upgrade PraisonAIAgents to version 1.5.128 or later without delay. If upgrading is not immediately feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These might include restricting network access for the PraisonAIAgents process to only necessary resources, or implementing a Web Application Firewall (WAF) with rules to block suspicious URLs containing file:// schemes or known internal network patterns. Carefully review and sanitize any data received from external sources before processing it within the PraisonAIAgents system. After upgrading, confirm the fix by attempting to trigger the web_crawl() function with a file:// URL pointing to a known, non-sensitive local file; the request should be rejected.
Update PraisonAIAgents to version 1.5.128 or later to mitigate the vulnerability. This version adds proper validation of URLs provided by AI agents, preventing SSRF requests and unauthorized local file reads.
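The kind of allow-list URL validation the fix and the workarounds above describe, as an added example rather than code from the PraisonAIAgents project: a checker a crawl tool can call before fetching, which rejects non-http(s) schemes such as file:// and any host that resolves to a non-public address (loopback, RFC 1918, the 169.254.169.254 metadata endpoint, IPv4-mapped IPv6). The function names and the injectable resolver hook are assumptions, not the project's API.

```python
# Constructed example, not PraisonAIAgents' own code: allow-list URL validation.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    # Every IPv4/IPv6 address string the system resolver returns for host.
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def is_public_address(ip):
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_crawl_url(url, resolver=resolve_all):
    """Return the addresses url resolves to, or raise ValueError with the reason.
    Rejects non-http(s) schemes such as file://, embedded credentials, and hosts
    resolving even partly to loopback, RFC 1918, link-local (169.254.169.254
    metadata endpoint included) or their IPv4-mapped IPv6 equivalents."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        addresses = {ipaddress.ip_address(host)}  # IP literal, no DNS needed
    except ValueError:
        addresses = {ipaddress.ip_address(a) for a in resolver(host)}
    if not addresses:
        raise ValueError(f"{host} did not resolve")
    for ip in addresses:
        if not is_public_address(ip):
            raise ValueError(f"{host} resolves to non-public address {ip}")
    return addresses  # fetch from these; re-resolving allows DNS rebinding


def is_safe_crawl_url(url, resolver=resolve_all):
    try:
        validate_crawl_url(url, resolver)
        return True
    except ValueError:
        return False
```

The fetch itself should connect to the returned addresses rather than look the hostname up again, otherwise a DNS answer that changes between the check and the request bypasses the allow-list.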
CVE-2026-40150 is a Server-Side Request Forgery (SSRF) vulnerability in PraisonAIAgents versions 1.5.0 through 1.5.127, allowing attackers to force the system to fetch internal resources.
You are affected if you are using PraisonAIAgents versions 1.5.0 through 1.5.127. Upgrade to version 1.5.128 to mitigate the risk.
Upgrade PraisonAIAgents to version 1.5.128. If immediate upgrade is not possible, implement temporary workarounds like WAF rules or network restrictions.
There is currently no indication of active exploitation in the wild or publicly available proof-of-concept code.
Refer to the PraisonAIAgents project's official communication channels and security advisories for the latest information.