{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-40114/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.2,"id":"CVE-2026-40114"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","praisonai","cve-2026-40114","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ePraisonAI, a multi-agent teams system, is susceptible to a Server-Side Request Forgery (SSRF) vulnerability affecting versions prior to 4.5.128. The vulnerability resides in the \u003ccode\u003e/api/v1/runs\u003c/code\u003e endpoint, which accepts a \u003ccode\u003ewebhook_url\u003c/code\u003e parameter in the request body without proper validation. This allows an unauthenticated attacker to specify an arbitrary URL, causing the PraisonAI server to send an HTTP POST request to that URL upon job completion. This flaw enables attackers to target internal services, cloud metadata endpoints, and other network-adjacent resources, potentially leading to information disclosure, privilege escalation, or denial-of-service. Organizations using affected versions of PraisonAI should upgrade to version 4.5.128 or later to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a PraisonAI instance running a version prior to 4.5.128.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST request to the \u003ccode\u003e/api/v1/runs\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a \u003ccode\u003ewebhook_url\u003c/code\u003e parameter containing a URL pointing to an internal service, cloud metadata endpoint, or external attacker-controlled server.\u003c/li\u003e\n\u003cli\u003eThe PraisonAI server receives the request and queues a job.\u003c/li\u003e\n\u003cli\u003eThe job completes (either successfully or with an error).\u003c/li\u003e\n\u003cli\u003eUpon completion, the server, using \u003ccode\u003ehttpx.AsyncClient\u003c/code\u003e, initiates an HTTP POST request to the URL specified in the \u003ccode\u003ewebhook_url\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eIf the \u003ccode\u003ewebhook_url\u003c/code\u003e points to an internal service, the attacker can potentially access sensitive information or trigger actions within that service.\u003c/li\u003e\n\u003cli\u003eIf the \u003ccode\u003ewebhook_url\u003c/code\u003e points to a cloud metadata endpoint, the attacker can retrieve cloud credentials or configuration details.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability allows an unauthenticated attacker to force the PraisonAI server to make arbitrary HTTP POST requests. This can lead to the exposure of sensitive information from internal services or cloud metadata, potentially granting the attacker unauthorized access to systems and data. The vulnerability could also be leveraged to perform denial-of-service attacks against internal resources. While the exact number of affected organizations is unknown, any organization running a vulnerable version of PraisonAI is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PraisonAI instances to version 4.5.128 or later to remediate CVE-2026-40114.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for requests to the \u003ccode\u003e/api/v1/runs\u003c/code\u003e endpoint containing suspicious \u003ccode\u003ewebhook_url\u003c/code\u003e parameters to detect potential exploitation attempts. Deploy the Sigma rule to detect suspicious webhook URLs.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unexpected outbound connections originating from the PraisonAI server to internal or external destinations, as this could indicate SSRF exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T22:16:35Z","date_published":"2026-04-09T22:16:35Z","id":"/briefs/2024-01-praisonai-ssrf/","summary":"PraisonAI versions prior to 4.5.128 are vulnerable to Server-Side Request Forgery (SSRF) due to a lack of URL validation on the webhook_url parameter in the /api/v1/runs endpoint, allowing unauthenticated attackers to send arbitrary POST requests from the server.","title":"PraisonAI SSRF Vulnerability via Unvalidated Webhook URL","url":"https://feed.craftedsignal.io/briefs/2024-01-praisonai-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-40114","version":"https://jsonfeed.org/version/1.1"}