GHSA-4pcv-mg8v-vrgf: PraisonAI: Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameter
Summary
PraisonAI's search tools (the SearxNG and `search_web` tools) are vulnerable to Server-Side Request Forgery (SSRF): the SearxNG base URL is taken from a `searxng_url` tool parameter, so whoever controls that parameter controls where the server sends its HTTP requests. Because the parameter is exposed to the language model as a tool option and the search tools are enabled by default, an attacker does not need to call the tool directly: instructions injected into a web page or file the agent processes (indirect prompt injection) can lead the model to set `searxng_url` to an internal address. The server then issues requests to internal services, returns whatever data they serve, and in cloud environments can reach the instance metadata endpoint (169.254.169.254), potentially exposing credentials.
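The following is an added example, not PraisonAI's own code, showing the shape of the bug described above beside a hardened version: a search tool whose SearxNG base URL is a model-fillable argument, a tool factory that binds the operator-configured URL so the model's tool schema only ever exposes `query`, and an outbound-URL check for deployments that must still accept a URL from untrusted input. The function names, the config value and the resolver hook are assumptions for illustration; the resolver table in the usage section is constructed so the example runs offline.

```python
"""Added example (not PraisonAI code): model-controlled SearxNG URL vs. a
hardened tool.  Names, config value and resolver hook are assumptions."""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable, Optional
from urllib.parse import urlencode, urlsplit

# hostname -> addresses; real deployments use DNS, tests inject a table
Resolver = Callable[[str], Iterable[str]]


def dns_resolver(host: str) -> list[str]:
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def search_web_vulnerable(query: str, searxng_url: str = "http://localhost:8080") -> str:
    """VULNERABLE PATTERN: `searxng_url` is part of the tool schema the model
    sees.  Text the agent reads can say "use searxng_url=http://169.254.169.254/..."
    and the model passes it through, so the request target is attacker-chosen.
    Returns the URL the server would fetch."""
    return f"{searxng_url.rstrip('/')}/search?" + urlencode({"q": query, "format": "json"})


def make_search_tool(base_url: str) -> Callable[[str], str]:
    """HARDENED: bind the operator-configured base URL when the tool is
    registered.  The returned callable's signature exposes only `query`, so a
    framework that derives the tool schema from the signature never offers the
    model a URL field.  A self-hosted SearxNG is often on localhost or a
    private network, which is fine here because the operator, not the model,
    chose the address."""
    base = base_url.rstrip("/")

    def search_web(query: str) -> str:
        return f"{base}/search?" + urlencode({"q": query, "format": "json"})

    return search_web


def validate_outbound_url(url: str, *, resolver: Resolver = dns_resolver,
                          allowed_hosts: Optional[set[str]] = None) -> str:
    """Defense in depth for any URL that does come from untrusted input.

    Requires http(s), no userinfo, an allowlisted host when an allowlist is
    configured, and every address the host maps to must be globally routable,
    which excludes loopback, RFC 1918, link-local (169.254.0.0/16, where the
    cloud metadata service lives), CGNAT and the IPv6 equivalents.  Resolved
    addresses are checked rather than the hostname text, so decimal, octal
    and IPv4-mapped spellings are normalised before the check.
    Caveat: resolve-then-fetch is still racy against DNS rebinding, and a
    redirect can point at an internal host, so the HTTP client must not follow
    redirects (or must re-run this check per hop) and should connect to the
    address that was validated.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"host {host!r} is not allowlisted")
    try:                                  # literal address: check it directly
        addrs = [ipaddress.ip_address(host)]
    except ValueError:                    # hostname: check everything it maps to
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    if not addrs:
        raise ValueError(f"host {host!r} does not resolve")
    for addr in addrs:
        if not addr.is_global:
            raise ValueError(f"host {host!r} maps to non-public address {addr}")
    return url


def is_safe_outbound_url(url: str, **kwargs) -> bool:
    """Boolean wrapper around validate_outbound_url for callers that log and drop."""
    try:
        validate_outbound_url(url, **kwargs)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed resolver table so the demo runs offline.
    table = {"searx.example.com": ["8.8.8.8"], "metadata.example": ["169.254.169.254"]}
    fake = lambda h: table.get(h, [])
    print(search_web_vulnerable("iam creds", searxng_url="http://169.254.169.254/latest/meta-data"))
    print(make_search_tool("http://localhost:8080/")("iam creds"))
    print(is_safe_outbound_url("https://searx.example.com/", resolver=fake))
    print(is_safe_outbound_url("http://metadata.example/", resolver=fake))
```

The vulnerable function shows the request going wherever the injected `searxng_url` points; the factory removes the field from the model's reach entirely, which is the fix that actually closes the issue, while the validator is the fallback for deployments that must still take a URL from somewhere untrusted and comes with the rebinding and redirect caveats noted in its docstring.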
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://github.com/advisories/GHSA-4pcv-mg8v-vrgf
First tracked: June 18, 2026 at 02:00 PM