PT-2026-29823 · Httpx+2

Yerang30 · Published 2026-04-01 · Updated 2026-04-03

CVE-2026-34936
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.90

Description: PraisonAI's passthrough() and apassthrough() functions accept a caller-controlled API base parameter. That value is concatenated with the endpoint and passed directly to httpx.Client.request() when the primary litellm path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, so the fallback request can be sent to any host reachable from the server. The vulnerable code is in passthrough.py at lines 92, 109 and 110. An attacker could use this to retrieve IAM credentials from cloud infrastructure where IMDSv1 is enabled, or to reach internal services inside a VPC that require no authentication.

Recommendations: Update PraisonAI to version 4.5.90 or later.
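The description above names the three missing controls (scheme validation, private IP filtering, a domain allowlist). The following is an added example, not PraisonAI's code and not the 4.5.90 fix, showing how a caller-supplied API base can be validated before it is concatenated with an endpoint and handed to an HTTP client. The allowlist contents, the function names and the `build_passthrough_url` helper are assumptions made for this illustration.

```python
# Added example (not PraisonAI's code): validate a caller-supplied API base
# before it reaches httpx. Allowlist, names and the URL builder are assumed.
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist of upstream hosts the passthrough may talk to.
ALLOWED_API_HOSTS = frozenset({"api.openai.com", "api.anthropic.com"})


class UnsafeApiBase(ValueError):
    """Raised when a caller-supplied API base fails validation."""


def _is_internal_ip(ip) -> bool:
    # Loopback, RFC 1918 / ULA, link-local (which covers the
    # 169.254.169.254 metadata service), unspecified, multicast and
    # reserved ranges are all rejected.
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def validate_api_base(api_base: str, allowed_hosts=ALLOWED_API_HOSTS) -> str:
    """Return a normalised base URL or raise UnsafeApiBase."""
    parts = urlsplit(api_base.strip())
    # 1. Scheme check: only https, so file://, gopher://, http:// etc. fail.
    if parts.scheme != "https":
        raise UnsafeApiBase(f"scheme not allowed: {parts.scheme!r}")
    # Userinfo tricks such as https://allowed.host@169.254.169.254/ are rejected.
    if parts.username is not None or parts.password is not None:
        raise UnsafeApiBase("credentials in URL are not allowed")
    host = parts.hostname  # already lower-cased and bracket-stripped for IPv6
    if not host:
        raise UnsafeApiBase("missing host")
    # 2. Private IP filtering for IP literals (IPv4 and IPv6).
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    if ip is not None and _is_internal_ip(ip):
        raise UnsafeApiBase(f"internal address not allowed: {host}")
    # 3. Domain allowlist as the final gate. This also rejects any remaining
    # IP literal and odd encodings (0x7f000001, decimal integers) outright.
    if host not in allowed_hosts:
        raise UnsafeApiBase(f"host not in allowlist: {host}")
    return f"{parts.scheme}://{parts.netloc}{parts.path}".rstrip("/")


def is_safe_api_base(api_base: str) -> bool:
    """Boolean convenience wrapper around validate_api_base()."""
    try:
        validate_api_base(api_base)
        return True
    except ValueError:  # UnsafeApiBase and urlsplit's own ValueError
        return False


def build_passthrough_url(api_base: str, endpoint: str) -> str:
    """Join a validated base with an endpoint path (assumed helper)."""
    base = validate_api_base(api_base)
    if not endpoint.startswith("/"):
        endpoint = "/" + endpoint
    return base + endpoint


if __name__ == "__main__":
    # Constructed inputs for a quick demonstration.
    for candidate in ("https://api.openai.com/v1/",
                      "https://169.254.169.254/latest/meta-data/",
                      "http://api.openai.com",
                      "https://api.openai.com@10.0.0.5/"):
        print(f"{candidate!r:55} -> {is_safe_api_base(candidate)}")
```

The allowlist is the control that actually closes the hole; the scheme and IP checks are there so that a relaxed allowlist (for example, permitting customer-hosted endpoints) still cannot reach metadata or loopback addresses. Because this example runs offline it only inspects IP literals; a deployment that allows arbitrary DNS names would additionally resolve the name and apply `_is_internal_ip` to every returned address before connecting.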

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-34936
GHSA-X6M9-GXVR-7JPV

Affected Products

Praisonai
Httpx
Litellm