PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
翻译中…平台
python
组件
praisonaiagents
修复版本
1.5.96
1.5.95
CVE-2026-34954 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the praisonaiagents Python library. This flaw allows an attacker to leverage the FileTools.download_file() function to make arbitrary requests to internal network services or cloud metadata endpoints, potentially exposing sensitive information. The vulnerability impacts versions of praisonaiagents up to and including 1.5.94, and a fix is available in version 1.5.95.
检测此 CVE 是否影响你的项目
上传你的 requirements.txt 文件,立即知道是否受影响。
影响与攻击场景翻译中…
The SSRF vulnerability in praisonaiagents arises from insufficient validation of the url parameter within the FileTools.downloadfile() function. The code directly passes this unvalidated URL to httpx.stream() with followredirects=True, enabling an attacker to control the destination of the request. This allows access to internal resources that should be inaccessible from the outside. Attackers could potentially retrieve sensitive data from cloud metadata services (e.g., AWS instance IDs, Azure credentials), access internal databases, or even trigger actions on other internal systems. The blast radius extends to any service accessible from the server running praisonaiagents, making it a significant security risk.
利用背景翻译中…
This vulnerability was publicly disclosed on 2026-04-01. There is currently no indication of active exploitation campaigns targeting this specific vulnerability. No public proof-of-concept exploits have been released. The vulnerability is not currently listed on the CISA KEV catalog. The SSRF nature of the vulnerability means it could be exploited opportunistically if an attacker gains access to a system running a vulnerable version of praisonaiagents.
哪些人处于风险中翻译中…
Organizations deploying praisonaiagents in environments with access to sensitive internal services or cloud metadata are at significant risk. This includes those using praisonaiagents for data processing, automation, or integration with cloud platforms. Shared hosting environments where multiple users share the same server are also particularly vulnerable, as a compromised user could potentially exploit this vulnerability to access resources belonging to other users.
检测步骤翻译中…
• python / server:
import os
import subprocess
def check_praisonaiagents_version():
try:
result = subprocess.check_output(['pip', 'show', 'praisonaiagents'], stderr=subprocess.STDOUT, text=True)
for line in result.splitlines():
if line.startswith('Version:'):
version = line.split(':')[1].strip()
if version <= '1.5.94':
print(f"Vulnerable version detected: {version}")
else:
print(f"Safe version detected: {version}")
return
except FileNotFoundError:
print("praisonaiagents not found.")
check_praisonaiagents_version()攻击时间线
- Disclosure
disclosure
威胁情报
漏洞利用状态
EPSS
0.04% (13% 百分位)
CISA SSVC
CVSS 向量
这些指标意味着什么?
- Attack Vector
- 网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
- Attack Complexity
- 低 — 无需特殊条件,可以稳定地利用漏洞。
- Privileges Required
- 无 — 无需认证,无需凭证即可利用。
- User Interaction
- 无 — 攻击自动且无声,受害者无需任何操作。
- Scope
- 已改变 — 攻击可以超出脆弱组件,影响其他系统。
- Confidentiality
- 高 — 完全丧失机密性,攻击者可读取所有数据。
- Integrity
- 无 — 无完整性影响。
- Availability
- 无 — 无可用性影响。
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
- 修改日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2026-34954 is to upgrade to version 1.5.95 or later of praisonaiagents. This version includes the necessary validation to prevent the SSRF vulnerability. If an immediate upgrade is not feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound requests and block those targeting internal or sensitive endpoints. Additionally, restrict network access to the server running praisonaiagents to only necessary ports and services. Carefully review and restrict the permissions granted to the user account running the praisonaiagents process to minimize potential damage. After upgrading, confirm the fix by attempting to trigger the download with a URL pointing to an internal service; the request should be blocked.
修复方法翻译中…
Actualice PraisonAI a la versión 1.5.95 o superior para mitigar la vulnerabilidad SSRF. Esta actualización valida correctamente la URL proporcionada al método download_file(), previniendo el acceso no autorizado a recursos internos y externos.
CVE 安全通讯
漏洞分析和关键警报直接发送到您的邮箱。
常见问题翻译中…
What is CVE-2026-34954 — SSRF in praisonaiagents?
CVE-2026-34954 is a Server-Side Request Forgery (SSRF) vulnerability in the praisonaiagents library, allowing attackers to make unauthorized requests to internal services.
Am I affected by CVE-2026-34954 in praisonaiagents?
You are affected if you are using praisonaiagents versions 1.5.94 or earlier. Upgrade to 1.5.95 to mitigate the risk.
How do I fix CVE-2026-34954 in praisonaiagents?
Upgrade to version 1.5.95 or later of praisonaiagents. Consider WAF rules or proxy filtering as a temporary workaround if immediate upgrade is not possible.
Is CVE-2026-34954 being actively exploited?
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability means it could be exploited opportunistically.
Where can I find the official praisonaiagents advisory for CVE-2026-34954?
Refer to the praisonaiagents project's official release notes and security advisories for the most up-to-date information.