Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-61430

HIGH NVD
CVSS Score 8.5
Severity HIGH
Published Jul 15, 2026
Vendor unknown

Description

PraisonAI before 1.6.78 contains a server-side request forgery vulnerability in the web_crawl tool that validates hostnames at check time but re-resolves them at connection time without IP pinning. Attackers can use DNS rebinding to bypass SSRF protection and retrieve internal HTTP response bodies from private or loopback services.

References