PT-2026-57436 · Praisonai+2 · Praisonai+2
Dinhvaren
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-61429
CVSS v3.1
8.5
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PraisonAI versions prior to 1.6.78
Description
A server-side request forgery (SSRF) issue exists in the Crawl4AI/Chromium backend. This flaw allows attackers to bypass SSRF validation by utilizing DNS rebinding and HTTP redirects. By crafting specific URLs that resolve to internal services after the initial validation, an attacker can force the headless browser to follow redirects and read internal responses, which may include sensitive canary values.
Recommendations
Update PraisonAI to version 1.6.78 or later.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chromium
Crawl4Ai
Praisonai