CVE-2026-60091

MervinPraison · PraisonAI

PraisonAI contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability that allows attackers to force the server to send requests to arbitrary internal or external destinations.

Executive summary

An unauthenticated Server-Side Request Forgery (SSRF) flaw in PraisonAI allows attackers to trigger unauthorized outbound requests from the application server.

Vulnerability

This vulnerability is a Server-Side Request Forgery (CWE-918) that allows unauthenticated attackers to supply malicious inputs, forcing the application to perform unauthorized requests. This can be used to scan internal networks or interact with internal services that are otherwise unreachable from the public internet.

Business impact

With a CVSS score of 7.2 (High), this SSRF vulnerability represents a significant risk to internal infrastructure. Attackers can bypass firewall protections to reach internal APIs, cloud metadata services, or other sensitive infrastructure, leading to potential data exfiltration or service disruption.

Remediation

Immediate Action: Update PraisonAI to version 4.6.78 or later to patch the SSRF vulnerability.

Proactive Monitoring: Monitor outbound network traffic from the PraisonAI server for connections to sensitive internal IP ranges or unexpected external domains.

Compensating Controls: Implement egress filtering at the network level to restrict the server's ability to communicate with internal resources that it does not explicitly need to access.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The combination of unauthenticated access and SSRF-based internal network exposure makes this vulnerability a high priority for remediation. Administrators are urged to update to version 4.6.78 immediately to prevent potential exploitation of internal systems.