CVE-2026-44335
CRITICAL WAF: Medium
CVSS 9.8
Published: 2026-05-08
CWE-918
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.
WAF Coverage Analysis
Server-Side Request Forgery (SSRF)
Medium WAF Coverage
OWASP: A10:2021 SSRF
934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| praison | praisonaiagents | up to 1.6.32 |
References
- github.com (Exploit, Vendor Advisory)