{"data":{"id":"5b455c97-c1ed-4525-a51b-d5129b9ba74d","title":"GHSA-x6m9-gxvr-7jpv: PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback","summary":"PraisonAI's `passthrough()` function accepts a user-controlled `api_base` parameter (the server address to send requests to) and uses it without validation when the primary request method fails. This allows an attacker to make the server send requests to any address it can reach, including internal services like cloud metadata servers that contain sensitive credentials, a vulnerability called SSRF (server-side request forgery, where an attacker tricks a server into requesting internal resources). The flaw affects PraisonAI version 1.5.87 and potentially others.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-x6m9-gxvr-7jpv","publishedAt":"2026-04-01T23:21:45.000Z","cveId":"CVE-2026-34936","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["praisonai@<= 4.5.89 (fixed: 4.5.90)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["PraisonAI","litellm","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-01T23:21:45.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}