CVE-2026-34936
PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
CVSS Score
7.7
EPSS Score
0.0%
EPSS Percentile
8th
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server. This issue has been patched in version 4.5.90.
| CWE | CWE-918 |
| Vendor | mervinpraison |
| Product | praisonai |
| Published | Apr 3, 2026 |
| Last Updated | Apr 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for mervinpraison praisonai
Be the first to know when new high vulnerabilities affecting mervinpraison praisonai are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
MervinPraison / PraisonAI
< 4.5.90