Signal
Two high-severity SSRF vulnerabilities found in PraisonAI components
Published 2026-04-10 19:28 UTC
Updated 2026-04-10 19:28 UTC
github
cve, exploits, security_tooling
Evidence trail (top sources)
Top sources (1 domain). Domains are deduped; counts indicate coverage, not truth. 1 top source shown.
limited source diversity in top sources
Overview
Two critical server-side request forgery (SSRF) vulnerabilities have been disclosed in PraisonAI software. One affects the web_crawl feature's httpx fallback due to an unvalidated URL (CVE-2026-40160). The other impacts the Jobs API via an unvalidated webhook_url parameter (CVE-2026-40114).
Entities
PraisonAI
Score total: 0.59
Momentum 24h: 2
Posts: 2
Origins: 1
Source types: 1
Duplicate ratio: 0%
Why now
- The advisories were published recently, indicating active disclosure.
- High severity ratings demand immediate attention from affected users.
- Early awareness helps mitigate potential attacks exploiting these vulnerabilities.
Why it matters
- SSRF vulnerabilities can allow attackers to access internal systems and sensitive data.
- PraisonAI users must patch promptly to prevent exploitation.
- These flaws highlight the importance of input validation in API and web components.
LLM analysis
Topic mix: low
Promo risk: low
Source quality: high
Recurring claims
- PraisonAI software is vulnerable to SSRF via unvalidated URLs in web_crawl httpx fallback
- PraisonAI Jobs API is vulnerable to SSRF via unvalidated webhook_url parameter
How sources frame it
- Github_advisories: neutral
All evidence
PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
github_advisories · github.com · 2026-04-10 19:28 UTC
Top publishers (this list)
- github_advisories (1)
Top origin domains (this list)
- github.com (1)