CVE-2026-44335

Published: Mag 08, 2026 Last Modified: Mag 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,7

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

View CWE Details

Application

Praisonaiagents by Praison

Product Information

Vendor Praison

Product Praisonaiagents

Version Range Affected

To 1.6.32 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:praison:praisonaiagents:*:*:*:*:*:python:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/MervinPraison/PraisonAI/security/advisor…

https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q9pw-vmhh-3…