GHSA-x6m9-gxvr-7jpv: PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
Summary
PraisonAI's `passthrough()` function accepts a caller-controlled `api_base` parameter (the base URL of the server that requests are sent to). When the primary request method fails, the fallback path uses that value without any validation. An attacker who controls `api_base` can therefore make the PraisonAI server issue requests to any address the server can reach, including internal services such as cloud metadata endpoints that return credentials. This is a server-side request forgery (SSRF) vulnerability: the server is tricked into fetching resources on the attacker's behalf. The flaw affects PraisonAI version 1.5.87 and potentially other versions.
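The pattern described above, shown as an added example rather than PraisonAI's own code: a hypothetical `passthrough_fallback_unsafe()` forwards a caller-supplied `api_base` as-is, while `passthrough_fallback_safe()` first runs it through `validate_api_base()`, which rejects non-HTTP schemes, userinfo tricks, literal loopback/private/link-local addresses (169.254.169.254 included) and any host outside a deployment allowlist. `ALLOWED_API_HOSTS`, `http_get()` and the `REQUESTS` log are constructed for the example; they are not PraisonAI identifiers.

```python
"""Illustrative api_base validation for an LLM passthrough fallback.

Added example, not PraisonAI's code. All function and constant names here
are hypothetical. The point: a caller-supplied base URL must be constrained
before it becomes the target of a server-side request, otherwise the server
can be pointed at loopback, RFC 1918 or link-local (cloud metadata) addresses.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist of upstream API hosts the deployment actually uses.
ALLOWED_API_HOSTS = {"api.openai.com", "api.anthropic.com"}

# Constructed log of outbound requests so the behaviour can be checked offline.
REQUESTS = []


class UnsafeApiBase(ValueError):
    """Raised when a caller-supplied api_base fails validation."""


def validate_api_base(api_base, allowed_hosts=ALLOWED_API_HOSTS):
    """Return a normalized 'scheme://host[:port]' or raise UnsafeApiBase.

    Checks, in order: scheme is http(s); a hostname is present; no userinfo
    ('https://api.openai.com@169.254.169.254/' parses with the metadata IP as
    the real host); a literal IP must be globally routable (rejects
    127.0.0.0/8, 10/8, 172.16/12, 192.168/16, 169.254/16, ::1, fc00::/7);
    and the host must be on the allowlist. Path and query are discarded so
    the caller cannot smuggle a different endpoint through them.
    """
    parts = urlsplit(api_base.strip())
    if parts.scheme not in ("http", "https"):
        raise UnsafeApiBase(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # already lowercased; brackets stripped for IPv6
    if not host:
        raise UnsafeApiBase("missing host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeApiBase("userinfo in URL not allowed")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not a literal address
    if ip is not None and not ip.is_global:
        raise UnsafeApiBase(f"non-public address: {host}")
    if host not in allowed_hosts:
        raise UnsafeApiBase(f"host not in allowlist: {host}")
    try:
        port = parts.port
    except ValueError as exc:
        raise UnsafeApiBase("invalid port") from exc
    suffix = f":{port}" if port else ""
    return f"{parts.scheme}://{host}{suffix}"


def is_rejected(api_base):
    """True if validate_api_base() refuses the URL (helper for checks)."""
    try:
        validate_api_base(api_base)
    except UnsafeApiBase:
        return True
    return False


def http_get(url):
    """Stand-in for the real HTTP client: records the URL instead of sending."""
    REQUESTS.append(url)
    return {"url": url}


def passthrough_fallback_unsafe(api_base, path="/v1/models"):
    """Vulnerable pattern: the caller's api_base is used as the request target."""
    return http_get(api_base.rstrip("/") + path)


def passthrough_fallback_safe(api_base, path="/v1/models"):
    """Hardened pattern: only a validated, allowlisted base reaches the client."""
    base = validate_api_base(api_base)
    return http_get(base + path)


if __name__ == "__main__":
    print(passthrough_fallback_unsafe("http://169.254.169.254"))  # reaches metadata
    print(passthrough_fallback_safe("https://api.openai.com"))      # allowed
    print(is_rejected("http://169.254.169.254"))                    # True
```

Literal-IP filtering alone is not enough: a DNS name on the allowlist can still resolve to an internal address if the attacker controls the zone, so the host allowlist is the control that matters, and the IP check is a second layer for deployments that also permit literal addresses.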
Vulnerability Details
EPSS: 0.0%
April 1, 2026
Original source: https://github.com/advisories/GHSA-x6m9-gxvr-7jpv
First tracked: April 1, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%