<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Webhook-Bypass - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/webhook-bypass/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 15 Jul 2026 12:28:48 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/webhook-bypass/feed.xml" rel="self" type="application/rss+xml"/><item><title>PraisonAI web_crawl Tool Vulnerable to DNS Rebinding SSRF (CVE-2026-61430)</title><link>https://feed.craftedsignal.io/briefs/2026-07-praisonai-ssrf/</link><pubDate>Wed, 15 Jul 2026 12:28:48 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-praisonai-ssrf/</guid><description>PraisonAI versions prior to 1.6.78 are vulnerable to server-side request forgery (SSRF) within its web_crawl tool, allowing attackers to bypass hostname validation using DNS rebinding and retrieve sensitive internal HTTP response bodies from private or loopback services.</description><content:encoded><![CDATA[<p>PraisonAI, an artificial intelligence platform, contains a critical server-side request forgery (SSRF) vulnerability, identified as CVE-2026-61430, affecting versions prior to 1.6.78. This flaw resides within the <code>web_crawl</code> tool, which is designed to validate hostnames during an initial check but then re-resolves them without IP pinning at the connection phase. Attackers can leverage DNS rebinding techniques to exploit this time-of-check-time-of-use (TOCTOU) vulnerability. By manipulating DNS resolution, an attacker can trick the <code>web_crawl</code> tool into making requests to internal private or loopback services, even if the initial hostname appears legitimate. The successful exploitation of this vulnerability allows adversaries to retrieve internal HTTP response bodies, potentially leading to information disclosure, reconnaissance of internal networks, and further compromise.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker identifies a PraisonAI instance running a vulnerable version (prior to 1.6.78) with the <code>web_crawl</code> tool exposed.</li>
<li>The attacker sets up a malicious DNS server configured to perform DNS rebinding, capable of rapidly changing the IP address associated with a controlled domain.</li>
<li>The attacker crafts a request to the PraisonAI <code>web_crawl</code> tool, providing a hostname that is initially configured to resolve to a public IP address controlled by their malicious DNS server.</li>
<li>PraisonAI's <code>web_crawl</code> tool performs an initial DNS resolution and hostname validation. The hostname resolves to the public IP, and the validation check passes.</li>
<li>Before or during the connection establishment phase, the attacker's malicious DNS server quickly updates the DNS record for the same hostname, causing it to re-resolve to an internal IP address (e.g., 127.0.0.1, 192.168.x.x, or another private network address) with a very short time-to-live (TTL).</li>
<li>The <code>web_crawl</code> tool connects to the newly re-resolved internal IP address without performing a secondary hostname or IP validation, effectively bypassing the intended SSRF protection mechanism.</li>
<li>The <code>web_crawl</code> tool fetches the HTTP response body from the internal service located at the re-resolved internal IP address.</li>
<li>The internal HTTP response body is returned to the attacker as part of the <code>web_crawl</code> tool's output, thereby exposing sensitive internal information such as configuration data, API keys, or application secrets.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-61430 allows attackers to access internal network resources that should not be publicly exposed. This can lead to the retrieval of sensitive HTTP response bodies from private or loopback services, enabling deep reconnaissance of an organization's internal infrastructure. Attackers can map internal networks, discover hidden services, access administrative interfaces, or exfiltrate sensitive data from internal applications. While no specific victim counts or sectors are detailed in the advisory, any organization utilizing vulnerable PraisonAI instances faces a high risk of information disclosure and potential lateral movement within their network.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade PraisonAI to version 1.6.78 or later immediately to patch CVE-2026-61430.</li>
<li>Implement network segmentation to restrict PraisonAI's access to only necessary external and internal resources.</li>
<li>Monitor outbound DNS queries from web application servers for unusual re-resolutions to private IP ranges, which may indicate DNS rebinding attempts.</li>
<li>Implement web application firewalls (WAFs) or API gateways to filter and inspect requests to the <code>web_crawl</code> tool, looking for suspicious hostnames or patterns indicative of SSRF attempts.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>ssrf</category><category>dns-rebinding</category><category>vulnerability</category><category>web-application</category><category>code-injection</category><category>remote-code-execution</category><category>python</category><category>cve</category><category>webhook-bypass</category><category>improper-authentication</category><category>application-vulnerability</category><category>path-traversal</category></item></channel></rss>