{"data":{"id":"0a00de76-4d7f-4b5a-bed8-eb67dbbc9f7c","title":"CVE-2026-40150: PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_c","summary":"PraisonAIAgents is a system that coordinates multiple AI agents working together as teams. Before version 1.5.128, the web_crawl() function didn't check URLs before fetching them, allowing attackers or malicious content to trick agents into accessing sensitive internal systems, cloud configuration data, or local files through specially crafted URLs like file:// paths.","solution":"Update PraisonAIAgents to version 1.5.128 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40150","publishedAt":"2026-04-09T22:16:35.900Z","cveId":"CVE-2026-40150","cweIds":["CWE-918"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":["prompt_injection","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAIAgents"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-09T22:16:35.900Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0051"]}}