Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-40114— PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

CVSS 7.2 · High EPSS 0.04% · P13
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-40114

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
Source: NVD (National Vulnerability Database)
Vulnerability Description
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server send POST requests to arbitrary internal or external destinations, enabling SSRF against cloud metadata services, internal APIs, and other network-adjacent services. This vulnerability is fixed in 4.5.128.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
PraisonAI 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PraisonAI是Mervin Praison个人开发者的一个低代码多智能体协作框架。 PraisonAI 4.5.128之前版本存在代码问题漏洞,该漏洞源于/api/v1/runs端点接受任意webhook_url且未进行URL验证,可能导致服务器向任意内部或外部目标发送POST请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MervinPraisonPraisonAI < 4.5.128 -

II. Public POCs for CVE-2026-40114

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-40114

登录查看更多情报信息。

Same Patch Batch · MervinPraison · 2026-04-09 · 15 CVEs total

CVE-2026-400889.7 CRITICALImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-401549.3 CRITICALPraisonAI Affected by Untrusted Remote Template Code Execution
CVE-2026-401138.4 HIGHPraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized C
CVE-2026-401497.9 HIGHPraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safe
CVE-2026-401507.7 HIGHPraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
CVE-2026-401167.5 HIGHPraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without
CVE-2026-401537.4 HIGHPraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvar
CVE-2026-401486.5 MEDIUMPraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Lim
CVE-2026-401156.2 MEDIUMPraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Ex
CVE-2026-401176.2 MEDIUMPraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boun
CVE-2026-401125.4 MEDIUMPraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Require
CVE-2026-401515.3 MEDIUMPraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /ap
CVE-2026-401525.3 MEDIUMPraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses W
CVE-2026-40111PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memor

IV. Related Vulnerabilities

Same product: PraisonAI
Same vendor: MervinPraison
Same weakness: CWE-918

V. Comments for CVE-2026-40114

No comments yet

Leave a comment