MervinPraison PraisonAI up to 1.5.94 FileTools.download_file url server-side request forgery

Summaryinfo

A vulnerability was found in MervinPraison PraisonAI up to 1.5.94. It has been classified as critical. Affected is the function FileTools.download_file. This manipulation of the argument url causes server-side request forgery. This vulnerability is registered as CVE-2026-34954. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in MervinPraison PraisonAI up to 1.5.94. It has been declared as critical. Affected by this vulnerability is the function FileTools.download_file. The manipulation of the argument url with an unknown input leads to a server-side request forgery vulnerability. The CWE definition for the vulnerability is CWE-918. The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.

It is possible to read the advisory at github.com. This vulnerability is known as CVE-2026-34954 since 03/31/2026. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 1.5.95 eliminates this vulnerability.

Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• MervinPraison

Name

• PraisonAI

Version

• 1.5.0
• 1.5.1
• 1.5.2
• 1.5.3
• 1.5.4
• 1.5.5
• 1.5.6
• 1.5.7
• 1.5.8
• 1.5.9
• 1.5.10
• 1.5.11
• 1.5.12
• 1.5.13
• 1.5.14
• 1.5.15
• 1.5.16
• 1.5.17
• 1.5.18
• 1.5.19
• 1.5.20
• 1.5.21
• 1.5.22
• 1.5.23
• 1.5.24
• 1.5.25
• 1.5.26
• 1.5.27
• 1.5.28
• 1.5.29
• 1.5.30
• 1.5.31
• 1.5.32
• 1.5.33
• 1.5.34
• 1.5.35
• 1.5.36
• 1.5.37
• 1.5.38
• 1.5.39
• 1.5.40
• 1.5.41
• 1.5.42
• 1.5.43
• 1.5.44
• 1.5.45
• 1.5.46
• 1.5.47
• 1.5.48
• 1.5.49
• 1.5.50
• 1.5.51
• 1.5.52
• 1.5.53
• 1.5.54
• 1.5.55
• 1.5.56
• 1.5.57
• 1.5.58
• 1.5.59
• 1.5.60
• 1.5.61
• 1.5.62
• 1.5.63
• 1.5.64
• 1.5.65
• 1.5.66
• 1.5.67
• 1.5.68
• 1.5.69
• 1.5.70
• 1.5.71
• 1.5.72
• 1.5.73
• 1.5.74
• 1.5.75
• 1.5.76
• 1.5.77
• 1.5.78
• 1.5.79
• 1.5.80
• 1.5.81
• 1.5.82
• 1.5.83
• 1.5.84
• 1.5.85
• 1.5.86
• 1.5.87
• 1.5.88
• 1.5.89
• 1.5.90
• 1.5.91
• 1.5.92
• 1.5.93
• 1.5.94

Website

• Product: https://github.com/MervinPraison/PraisonAI/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion