CVE-2026-34954 | THREATINT

Description

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.

PUBLISHED Reserved 2026-03-31 | Published 2026-04-03 | Updated 2026-04-06 | Assigner GitHub_M

HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-918: Server-Side Request Forgery (SSRF)

Product status

< 1.5.95

affected

References

github.com/...isonAI/security/advisories/GHSA-44c2-3rw4-5gvh

cve.org (CVE-2026-34954)

nvd.nist.gov (CVE-2026-34954)

Download JSON