CVE-2026-40150: PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_c
Summary
PraisonAIAgents is a system that coordinates multiple AI agents working together as teams. Before version 1.5.128, the web_crawl() function didn't check URLs before fetching them, allowing attackers or malicious content to trick agents into accessing sensitive internal systems, cloud configuration data, or local files through specially crafted URLs like file:// paths.
Solution / Mitigation
Update PraisonAIAgents to version 1.5.128 or later, where this vulnerability is fixed.
Vulnerability Details
CVSS score: 7.7 (high)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
April 9, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-40150
First tracked: April 9, 2026 at 08:07 PM