Product
PraisonAI versions prior to 1.6.78 are vulnerable to server-side request forgery (SSRF) due to an issue in the Crawl4AI/Chromium backend, allowing attackers to bypass existing SSRF validation by employing DNS rebinding and HTTP redirects to access and exfiltrate sensitive internal responses, including canary values.