Platform
python
Component
praisonaiagents
Fixed in
1.5.129
CVE-2026-40160 is a Server-Side Request Forgery (SSRF) vulnerability in PraisonAIAgents, a Python multi-agent framework. An attacker who can influence which URL an agent crawls can make the agent's own host issue HTTP requests to internal resources and relay the responses back, potentially exposing sensitive data. The vulnerability affects versions 1.5.0 through 1.5.127 and is resolved in version 1.5.128.
The flaw is in the fallback fetch path of the web_crawl tool. When no Tavily API key is configured and Crawl4AI is not installed, which is the state of a fresh PraisonAI installation, web_crawl fetches the page itself by handing the URL straight to httpx.AsyncClient.get() with no validation of the target host. An attacker who can steer what the agent crawls, through prompt injection in a page, document or message the agent processes or through a directly supplied URL, can therefore point the agent at hosts it should never reach: cloud metadata endpoints such as 169.254.169.254, services bound to localhost, and other addresses on the internal network. The fetched content comes back to the agent as tool output and may be reflected in its response or in data the attacker can see, leaking material such as cloud credentials, internal IP addresses or database connection strings.
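The following is an added example, not code from PraisonAIAgents or the advisory. It shows the shape of the vulnerable fallback the paragraph describes next to a hardened fetch that validates the resolved target before any connection is made, and re-validates every redirect hop. All function and variable names are invented for the example; httpx is only needed by the two fetch coroutines and is imported lazily, so the validator runs with the standard library alone. The DNS table at the bottom is constructed for the offline demo, not real resolution.

```python
"""Added example (not PraisonAIAgents code): vulnerable fallback vs. hardened fetch.

Assumptions: names are invented; httpx is assumed installed only if you call the
fetch coroutines; FAKE_DNS is a constructed table for the offline demo.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Hostnames a crawler of the public web has no business resolving.
DENIED_HOSTNAMES = {"localhost", "metadata.google.internal", "metadata"}


async def vulnerable_fetch(url: str) -> str:
    """Mirrors the flaw: the URL the LLM chose goes straight to httpx, so
    http://169.254.169.254/... or http://localhost:6379/ fetch like any page."""
    import httpx  # assumption: httpx available at runtime
    async with httpx.AsyncClient(timeout=10) as client:
        resp = await client.get(url)
        return resp.text


def is_forbidden_ip(ip) -> bool:
    """True for addresses that must never be reached from a crawl tool."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return is_forbidden_ip(ip.ipv4_mapped)  # ::ffff:127.0.0.1 style bypass
    return (
        ip.is_private          # RFC 1918, fc00::/7 (CPython also folds in 127/8, 169.254/16)
        or ip.is_loopback
        or ip.is_link_local    # 169.254.169.254 cloud metadata lives here
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified   # 0.0.0.0, which Linux routes to the local host
    )


def validate_url(url: str, resolve=socket.getaddrinfo):
    """Return the resolved addresses of `url` if it is safe to fetch, else raise ValueError.

    The name is resolved here rather than matched against a string denylist, because an
    attacker-controlled DNS name can point anywhere. `resolve` is injectable for offline
    tests; leave the default in production.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    host = parsed.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        raise ValueError("missing host")
    if host in DENIED_HOSTNAMES or host.endswith(".localhost"):
        raise ValueError(f"denied hostname: {host}")
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal, no DNS needed
    except ValueError:
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
        try:
            infos = resolve(host, port, 0, socket.SOCK_STREAM)
        except (socket.gaierror, KeyError) as exc:
            raise ValueError(f"cannot resolve {host}: {exc}") from exc
        addrs = [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]
    if not addrs:
        raise ValueError(f"no addresses for {host}")
    bad = [str(a) for a in addrs if is_forbidden_ip(a)]
    if bad:
        raise ValueError(f"{host} resolves to forbidden address(es): {bad}")
    return addrs


def is_safe_url(url: str, resolve=socket.getaddrinfo) -> bool:
    try:
        validate_url(url, resolve)
        return True
    except ValueError:
        return False


async def hardened_fetch(url: str, max_redirects: int = 3) -> str:
    """Validate, fetch with automatic redirects off, and re-validate every Location hop:
    a public host that 302s to 169.254.169.254 is the classic bypass of a one-time check.
    Remaining gap: httpx resolves the name again at connect time, so a DNS-rebinding
    attacker still has a window; closing it means connecting to the validated IP."""
    import httpx  # assumption: httpx available at runtime
    async with httpx.AsyncClient(timeout=10, follow_redirects=False) as client:
        for _ in range(max_redirects + 1):
            validate_url(url)
            resp = await client.get(url)
            if resp.is_redirect:
                url = urljoin(url, resp.headers["location"])
                continue
            return resp.text
    raise ValueError("too many redirects")


# Constructed DNS table for the offline demo and test (not real resolution).
FAKE_DNS = {"example.com": "93.184.216.34", "rebind.example": "10.0.3.7"}


def fake_resolve(host, port, *args):
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (FAKE_DNS[host], port))]


if __name__ == "__main__":
    for u in ("https://example.com/", "https://rebind.example/",
              "http://169.254.169.254/latest/meta-data/", "http://[::ffff:127.0.0.1]:6379/",
              "http://localhost:8080/", "file:///etc/passwd"):
        print(f"{'allow' if is_safe_url(u, fake_resolve) else 'block':5}  {u}")
```

The point of resolving inside the check is that a denylist of hostnames is not a control: `rebind.example` above looks public but answers with a private address and is rejected, while the IPv4-mapped IPv6 literal and the metadata address are rejected without any DNS at all.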
This vulnerability was publicly disclosed on 2026-04-10. There is currently no indication of active exploitation campaigns targeting PraisonAIAgents. No public proof-of-concept (PoC) has been released, but none is really needed: for an SSRF of this kind a single crafted URL is the whole exploit, so the absence of a PoC is not a barrier to attack. The vulnerability is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS
0.05% (17th percentile)
CISA SSVC
The primary mitigation for CVE-2026-40160 is to upgrade PraisonAIAgents to version 1.5.128 or later, which validates the target host before any request is made. If upgrading immediately is not feasible, restrict what the agent's host can reach at the network layer: a Web Application Firewall only inspects inbound traffic and does not help here, so use egress filtering (host firewall, security group or Kubernetes NetworkPolicy) that denies outbound connections from the agent to 169.254.169.254, loopback and RFC 1918 ranges, and on AWS require IMDSv2 with a hop limit of 1 so a forwarded request cannot read credentials. Configuring a Tavily API key or installing Crawl4AI keeps web_crawl off the vulnerable httpx fallback path, although these backends address this specific code path rather than acting as a general SSRF control. Monitor agent activity logs for outbound requests to internal IP addresses or cloud metadata endpoints.
Update PraisonAIAgents to version 1.5.128 or later to mitigate the SSRF vulnerability. The update validates the target host, so user-supplied URLs are no longer passed unchecked to httpx.AsyncClient.get().
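The monitoring step above is easy to state and rarely done. The following added example, not code from PraisonAIAgents, is a detection pass over agent activity logs that flags web_crawl fetches aimed at loopback, private, link-local or cloud metadata targets. The log line format, field names and sample lines are constructed for this example and will need adapting to what your framework actually emits. Because the pass runs offline, only IP literals and well-known internal hostnames are classified; a public-looking DNS name that resolves to a private address has to be caught by resolver logs or by a fetch-time check.

```python
"""Added example (not PraisonAIAgents code): flag internal-target fetches in agent logs.

Assumptions: the log format below is invented for this example; the metadata
addresses 169.254.169.254 and fd00:ec2::254 are the well-known IPv4/IPv6 endpoints.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample lines in a hypothetical agent log format.
SAMPLE_LOG = """\
2026-04-11T10:02:13Z INFO agent=researcher tool=web_crawl url=https://docs.python.org/3/library/ipaddress.html
2026-04-11T10:02:15Z INFO agent=researcher tool=web_crawl url=http://169.254.169.254/latest/meta-data/iam/security-credentials/
2026-04-11T10:02:16Z INFO agent=researcher tool=web_crawl url=http://localhost:5432/
2026-04-11T10:02:17Z INFO agent=researcher tool=web_crawl url=http://10.0.3.7:8500/v1/kv/?recurse
2026-04-11T10:02:18Z INFO agent=researcher tool=internet_search query="python ipaddress module"
2026-04-11T10:02:19Z INFO agent=researcher tool=web_crawl url=http://[fd00:ec2::254]/latest/meta-data/
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+agent=(?P<agent>\S+)\s+tool=web_crawl\s+url=(?P<url>\S+)"
)
METADATA_IPS = {ipaddress.ip_address("169.254.169.254"), ipaddress.ip_address("fd00:ec2::254")}
METADATA_NAMES = {"metadata.google.internal", "metadata"}
LOCAL_NAMES = {"localhost"}


def classify_target(url):
    """Return a reason string if `url` targets an internal resource, else None."""
    host = urlparse(url).hostname
    if not host:
        return "unparseable host"
    if host in METADATA_NAMES:
        return "cloud metadata hostname"
    if host in LOCAL_NAMES or host.endswith(".localhost"):
        return "localhost"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name: cannot be judged offline, see lead-in
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge the embedded IPv4 address
    if ip in METADATA_IPS:
        return "cloud metadata endpoint"
    if ip.is_loopback or ip.is_unspecified:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private range"
    return None


def suspicious_fetches(log_text):
    """Return (timestamp, agent, url, reason) for every web_crawl fetch at an internal target."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a web_crawl fetch line
        reason = classify_target(m["url"])
        if reason:
            hits.append((m["ts"], m["agent"], m["url"], reason))
    return hits


if __name__ == "__main__":
    for ts, agent, url, reason in suspicious_fetches(SAMPLE_LOG):
        print(f"{ts} {agent}: {reason:24} {url}")
```

Run against the constructed lines, the pass flags four of the five web_crawl fetches and ignores the internet_search line and the public documentation URL. In a real deployment, pair this with egress firewall deny logs, which catch the DNS-name cases this offline check cannot.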
CVE-2026-40160 is a Server-Side Request Forgery (SSRF) vulnerability affecting PraisonAIAgents versions 1.5.0 through 1.5.127, allowing attackers to access internal resources.
If you are using PraisonAIAgents versions 1.5.0 through 1.5.127, you are potentially affected by this SSRF vulnerability.
Upgrade PraisonAIAgents to version 1.5.128 or later to resolve the SSRF vulnerability. As a temporary mitigation, apply egress filtering from the agent's host to internal and cloud metadata address ranges; a WAF does not cover outbound requests.
There is currently no evidence of active exploitation campaigns targeting CVE-2026-40160, but the low effort required to exploit it makes it a likely target.
Refer to the PraisonAIAgents project's official communication channels for the advisory related to CVE-2026-40160.