Description
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.
Published: 2026-05-08
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PraisonAI contains a logic flaw in its URL checking routine that allows attackers to craft requests that bypass safeguards, leading to SSRF. This flaw permits the application to resolve arbitrary URLs sent by a user, potentially causing the system to send requests to internal network addresses or other unintended destinations. The flaw is categorized as CWE-918 and can lead to the compromise of confidentiality and integrity of internal resources accessible through the application.

Affected Systems

The vulnerability affects PraisonAI by MervinPraison, specifically all releases prior to version 1.6.32. Any deployment running a version older than 1.6.32 is considered vulnerable and should be evaluated for an upgrade.

Risk and Exploitability

The CVSS score of 7.7 classifies this as high severity; the EPSS score is not available, so the current exploitation probability is unknown. It is not listed in the CISA KEV catalog. Attackers can exploit this remotely by submitting crafted HTTP requests to the application’s URL handling endpoint, surreptitiously making the application perform internal network requests.

Generated by OpenCVE AI on May 8, 2026 at 19:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PraisonAI to version 1.6.32 or later.
  • If upgrading immediately is not feasible, limit or disable the endpoint that accepts user‑supplied URLs to reduce the attack surface.
  • Apply network segmentation or firewall rules to prevent internal network calls originating from PraisonAI.

Generated by OpenCVE AI on May 8, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-q9pw-vmhh-384g PraisonAI has an SSRF bypass
History

Fri, 08 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Mervinpraison
Mervinpraison praisonai
Vendors & Products Mervinpraison
Mervinpraison praisonai

Fri, 08 May 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Praison
Praison praisonaiagents
CPEs cpe:2.3:a:praison:praisonaiagents:*:*:*:*:*:python:*:*
Vendors & Products Praison
Praison praisonaiagents
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 08 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.
Title SSRF bypass in PraisonAI
Weaknesses CWE-918
References
Metrics cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Mervinpraison Praisonai
Praison Praisonaiagents
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T14:46:13.605Z

Reserved: 2026-05-05T19:52:59.147Z

Link: CVE-2026-44335

cve-icon Vulnrichment

Updated: 2026-05-08T14:45:39.222Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:46.290

Modified: 2026-05-08T19:09:07.730

Link: CVE-2026-44335

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T22:30:18Z

Weaknesses