Plataforma
python
Componente
praisonaiagents
Corregido en
1.5.129
CVE-2026-40150 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in PraisonAIAgents, a multi-agent teams system. This flaw allows attackers to manipulate the system into making requests to unintended internal or external resources, potentially leading to data exposure or unauthorized access. The vulnerability affects versions 1.5.0 up to, but not including, 1.5.128. A fix is available in version 1.5.128.
The SSRF vulnerability in PraisonAIAgents arises from insufficient validation of URLs provided to the web_crawl() function. Malicious actors, or even prompt injection within crawled content, can craft URLs that instruct the agent to fetch sensitive data. This could include accessing cloud metadata endpoints (e.g., AWS instance IDs, Azure credentials), internal services that are not publicly exposed, or even local files accessible via file:// URLs. The blast radius extends to any data accessible by the PraisonAIAgents process, potentially compromising the entire system and any connected resources. Exploitation could lead to unauthorized access to sensitive information, lateral movement within the network, and even remote code execution if the fetched data is subsequently processed without proper sanitization.
CVE-2026-40150 was publicly disclosed on 2026-04-09. There is currently no indication of active exploitation in the wild, and no public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The EPSS score is likely to be low to medium, reflecting the lack of public exploitation and readily available PoCs.
Organizations utilizing PraisonAIAgents in environments with sensitive internal resources or cloud metadata endpoints are particularly at risk. Shared hosting environments where multiple users share the same PraisonAIAgents instance could also be vulnerable, as a compromised agent could potentially access data belonging to other users.
• linux / server: Monitor PraisonAIAgents logs for requests containing file:// URLs. Use journalctl -u praisonaiagents to filter for relevant entries.
journalctl -u praisonaiagents | grep 'file://'• python / supply-chain: Inspect the praisonaiagents/tools/webcrawltools.py file for the web_crawl() function and confirm that URL validation is implemented.
def web_crawl(url):
# Ensure proper URL validation is present here
if not is_valid_url(url):
raise ValueError("Invalid URL")
# ... rest of the function• generic web: Monitor web server access logs for requests originating from the PraisonAIAgents process attempting to access local files via file:// URLs.
disclosure
Estado del Exploit
EPSS
0.03% (9% percentil)
CISA SSVC
Vector CVSS
The primary mitigation for CVE-2026-40150 is to immediately upgrade PraisonAIAgents to version 1.5.128 or later. If upgrading is not immediately feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These might include restricting network access for the PraisonAIAgents process to only necessary resources, or implementing a Web Application Firewall (WAF) with rules to block suspicious URLs containing file:// schemes or known internal network patterns. Carefully review and sanitize any data received from external sources before processing it within the PraisonAIAgents system. After upgrading, confirm the fix by attempting to trigger the web_crawl() function with a file:// URL pointing to a known, non-sensitive local file; the request should be rejected.
Actualice PraisonAIAgents a la versión 1.5.128 o posterior para mitigar la vulnerabilidad. Esta versión incluye validaciones adecuadas de las URLs proporcionadas por los agentes de IA, previniendo la ejecución de solicitudes SSRF y la lectura de archivos locales no autorizados.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2026-40150 is a Server-Side Request Forgery (SSRF) vulnerability in PraisonAIAgents versions 1.5.0 through 1.5.127, allowing attackers to force the system to fetch internal resources.
You are affected if you are using PraisonAIAgents versions 1.5.0 through 1.5.127. Upgrade to version 1.5.128 to mitigate the risk.
Upgrade PraisonAIAgents to version 1.5.128. If immediate upgrade is not possible, implement temporary workarounds like WAF rules or network restrictions.
There is currently no indication of active exploitation in the wild or publicly available proof-of-concept code.
Refer to the PraisonAIAgents project's official communication channels and security advisories for the latest information.
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.
Sube tu archivo requirements.txt y te decimos al instante si estás afectado.