PT-2026-29830 · Httpx+1

Yerang30 · Published 2026-04-01 · Updated 2026-04-14 · CVE-2026-34954

CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.5.95

Description: PraisonAI's FileTools.download_file() function does not validate its url parameter before passing it to httpx.stream() with follow_redirects=True. An attacker who controls the URL can therefore make the server request any host it can reach, including cloud metadata services and internal network services. Because redirects are followed automatically, the vulnerability can also be exploited through open-redirect chaining, which bypasses partial URL filters. On cloud infrastructure with IMDSv1 enabled, an attacker can potentially retrieve IAM credentials and write them to disk. The vulnerable code is in file_tools.py at lines 259 and 296: the url parameter is taken directly from the caller without validation and passed to httpx.stream() without sanitization.

Recommendations: Update PraisonAI to version 1.5.95 or later.
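The following is an added example, not PraisonAI's code or its actual fix, showing the defensive pattern the description implies: validate the URL (scheme, credentials, and every address the host resolves to) and then walk redirects by hand with follow_redirects=False so that each hop is validated again, which is what closes the open-redirect bypass. The function names (validate_url, is_safe_url, resolve_redirect, download_file), the injectable resolver and the example hostnames are assumptions for illustration.

```python
"""Hardened download helper (added example, not PraisonAI code).

Validates the URL before the first request and before every redirect hop,
instead of handing an untrusted URL to httpx with follow_redirects=True.
"""
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

try:
    import httpx  # only needed for the network download itself
except ImportError:  # validation logic below works without it
    httpx = None

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5
# Ranges a file-download tool should never reach: loopback, private space,
# carrier-grade NAT, link-local (includes the 169.254.169.254 cloud metadata
# endpoint) and the IPv6 equivalents, including IPv4-mapped addresses.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


class UnsafeURL(ValueError):
    """Raised when a URL or a redirect target fails validation."""


def _default_resolver(host: str) -> list:
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def validate_url(url: str, resolver=_default_resolver) -> str:
    """Return url unchanged if it is safe to fetch, otherwise raise UnsafeURL.

    Every resolved address is checked, so a name with one public and one
    private record is still rejected.  The resolver is injectable so the
    check can be exercised offline.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeURL("URL has no host")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL are not allowed")
    try:  # literal IP host: no DNS lookup needed
        addresses = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        try:
            addresses = resolver(parts.hostname)
        except (socket.gaierror, KeyError) as exc:
            raise UnsafeURL(f"cannot resolve {parts.hostname}: {exc}") from exc
    if not addresses:
        raise UnsafeURL(f"{parts.hostname} resolved to no addresses")
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in BLOCKED_NETWORKS):
            raise UnsafeURL(f"{parts.hostname} resolves to blocked address {ip}")
    return url


def is_safe_url(url: str, resolver=_default_resolver) -> bool:
    """Boolean form of validate_url, convenient for filters and tests."""
    try:
        validate_url(url, resolver)
        return True
    except UnsafeURL:
        return False


def resolve_redirect(current_url: str, location: str,
                     resolver=_default_resolver) -> str:
    """Join a Location header onto the current URL and validate the result."""
    return validate_url(urljoin(current_url, location), resolver)


def download_file(url: str, dest_path: str, client=None,
                  resolver=_default_resolver) -> str:
    """Stream url to dest_path, re-validating the target on every redirect."""
    if httpx is None:
        raise RuntimeError("httpx is required for the actual download")
    own_client = client is None
    client = client or httpx.Client(follow_redirects=False, timeout=10.0)
    try:
        current = validate_url(url, resolver)
        for _ in range(MAX_REDIRECTS + 1):
            with client.stream("GET", current, follow_redirects=False) as resp:
                if resp.is_redirect:
                    location = resp.headers.get("location")
                    if not location:
                        raise UnsafeURL("redirect without Location header")
                    current = resolve_redirect(current, location, resolver)
                    continue  # next hop has been validated
                resp.raise_for_status()
                with open(dest_path, "wb") as fh:
                    for chunk in resp.iter_bytes():
                        fh.write(chunk)
                return dest_path
        raise UnsafeURL(f"more than {MAX_REDIRECTS} redirects")
    finally:
        if own_client:
            client.close()
```

One caveat: the check inspects what DNS returns at validation time, while httpx resolves the name again when it connects, so a name that changes between the two lookups (DNS rebinding) is not covered; pinning the validated address requires a custom transport or connecting by IP with the original Host header. Checking every returned address, and treating a resolution failure as unsafe, closes the cheaper bypasses the description mentions.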

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-34954
GHSA-44C2-3RW4-5GVH

Affected Products

Praisonai
Httpx