PT-2026-60136 · Mervinpraison · Praisonai

Dinhvaren

·

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-61430

CVSS v3.1

8.5

High

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web crawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies from private or loopback services.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61430

Affected Products

Praisonai