{"data":{"id":"90ce6e02-8230-43a7-9abc-410237a44b94","title":"GHSA-4pcv-mg8v-vrgf: PraisonAI: Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameter","summary":"PraisonAI's search tools contain a Server-Side Request Forgery (SSRF) vulnerability, where an attacker can trick the AI into making HTTP requests to arbitrary internal URLs by controlling the `searxng_url` parameter. Because this parameter is exposed to the language model as a tool option and search tools are enabled by default, an attacker can inject malicious instructions through web pages or files to make the server access internal services, read sensitive data, or in cloud environments reach the instance metadata endpoint (169.254.169.254) to potentially steal credentials.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-4pcv-mg8v-vrgf","publishedAt":"2026-06-18T14:27:12.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["praisonaiagents@< 1.6.61 (fixed: 1.6.61)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["PraisonAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-18T14:27:12.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}