Vulnerability Description
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. This allows an attacker (or prompt injection in crawled content) to force the agent to fetch cloud metadata endpoints, internal services, or local files via file:// URLs. This vulnerability is fixed in 1.5.128.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Praison | Praisonaiagents | < 1.5.128 |
Related Weaknesses (CWE)
References
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8f4v-xfm9-32ExploitVendor Advisory
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-8f4v-xfm9-32ExploitVendor Advisory
FAQ
What is CVE-2026-40150?
CVE-2026-40150 is a vulnerability with a CVSS score of 7.7 (HIGH). PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No sch...
How severe is CVE-2026-40150?
CVE-2026-40150 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40150?
Check the references section above for vendor advisories and patch information. Affected products include: Praison Praisonaiagents.