{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/webhook-bypass/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.5,"id":"CVE-2026-61430"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI","PraisonAI (\u003c 1.6.78)"],"_cs_severities":["high"],"_cs_tags":["ssrf","dns-rebinding","vulnerability","web-application","code-injection","remote-code-execution","python","cve","webhook-bypass","improper-authentication","application-vulnerability","path-traversal"],"_cs_type":"advisory","_cs_vendors":["MervinPraison"],"content_html":"\u003cp\u003ePraisonAI, an artificial intelligence platform, contains a critical server-side request forgery (SSRF) vulnerability, identified as CVE-2026-61430, affecting versions prior to 1.6.78. This flaw resides within the \u003ccode\u003eweb_crawl\u003c/code\u003e tool, which is designed to validate hostnames during an initial check but then re-resolves them without IP pinning at the connection phase. Attackers can leverage DNS rebinding techniques to exploit this time-of-check-time-of-use (TOCTOU) vulnerability. By manipulating DNS resolution, an attacker can trick the \u003ccode\u003eweb_crawl\u003c/code\u003e tool into making requests to internal private or loopback services, even if the initial hostname appears legitimate. The successful exploitation of this vulnerability allows adversaries to retrieve internal HTTP response bodies, potentially leading to information disclosure, reconnaissance of internal networks, and further compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a PraisonAI instance running a vulnerable version (prior to 1.6.78) with the \u003ccode\u003eweb_crawl\u003c/code\u003e tool exposed.\u003c/li\u003e\n\u003cli\u003eThe attacker sets up a malicious DNS server configured to perform DNS rebinding, capable of rapidly changing the IP address associated with a controlled domain.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request to the PraisonAI \u003ccode\u003eweb_crawl\u003c/code\u003e tool, providing a hostname that is initially configured to resolve to a public IP address controlled by their malicious DNS server.\u003c/li\u003e\n\u003cli\u003ePraisonAI's \u003ccode\u003eweb_crawl\u003c/code\u003e tool performs an initial DNS resolution and hostname validation. The hostname resolves to the public IP, and the validation check passes.\u003c/li\u003e\n\u003cli\u003eBefore or during the connection establishment phase, the attacker's malicious DNS server quickly updates the DNS record for the same hostname, causing it to re-resolve to an internal IP address (e.g., 127.0.0.1, 192.168.x.x, or another private network address) with a very short time-to-live (TTL).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eweb_crawl\u003c/code\u003e tool connects to the newly re-resolved internal IP address without performing a secondary hostname or IP validation, effectively bypassing the intended SSRF protection mechanism.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eweb_crawl\u003c/code\u003e tool fetches the HTTP response body from the internal service located at the re-resolved internal IP address.\u003c/li\u003e\n\u003cli\u003eThe internal HTTP response body is returned to the attacker as part of the \u003ccode\u003eweb_crawl\u003c/code\u003e tool's output, thereby exposing sensitive internal information such as configuration data, API keys, or application secrets.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-61430 allows attackers to access internal network resources that should not be publicly exposed. This can lead to the retrieval of sensitive HTTP response bodies from private or loopback services, enabling deep reconnaissance of an organization's internal infrastructure. Attackers can map internal networks, discover hidden services, access administrative interfaces, or exfiltrate sensitive data from internal applications. While no specific victim counts or sectors are detailed in the advisory, any organization utilizing vulnerable PraisonAI instances faces a high risk of information disclosure and potential lateral movement within their network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade PraisonAI to version 1.6.78 or later immediately to patch CVE-2026-61430.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to restrict PraisonAI's access to only necessary external and internal resources.\u003c/li\u003e\n\u003cli\u003eMonitor outbound DNS queries from web application servers for unusual re-resolutions to private IP ranges, which may indicate DNS rebinding attempts.\u003c/li\u003e\n\u003cli\u003eImplement web application firewalls (WAFs) or API gateways to filter and inspect requests to the \u003ccode\u003eweb_crawl\u003c/code\u003e tool, looking for suspicious hostnames or patterns indicative of SSRF attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T12:34:07Z","date_published":"2026-07-15T12:28:48Z","id":"https://feed.craftedsignal.io/briefs/2026-07-praisonai-ssrf/","summary":"PraisonAI versions prior to 1.6.78 are vulnerable to server-side request forgery (SSRF) within its web_crawl tool, allowing attackers to bypass hostname validation using DNS rebinding and retrieve sensitive internal HTTP response bodies from private or loopback services.","title":"PraisonAI web_crawl Tool Vulnerable to DNS Rebinding SSRF (CVE-2026-61430)","url":"https://feed.craftedsignal.io/briefs/2026-07-praisonai-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed - Webhook-Bypass","version":"https://jsonfeed.org/version/1.1"}