GHSA-92x2-g374-gcvxHighCVSS 8.5

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web_crawl...

Published
July 15, 2026
Last Modified
July 15, 2026

🔗 CVE IDs covered (1)

📋 Description

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web_crawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies from private or loopback services.

🔗 References (4)