Description
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints (e.g. 169.254.169.254) despite the filter by encoding an internal IPv4 address inside an IPv6 transition form, or by using the IPv6 unspecified address. Because the Docker API is unauthenticated by default (jwt_enabled: false), no credentials are required. This vulnerability is fixed in 0.8.8.
Published: 2026-06-23
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the SSRF protection logic of the Crawl4AI Docker API server, specifically in the URL validation used to guard webhook callbacks and URL destinations. The filter relied on a hard-coded IPv4 and IPv6 CIDR blocklist that missed several address families, which allowed an attacker to encode an internal IPv4 address inside an IPv6 transition form or to use the IPv6 unspecified address. This bypass lets the crawler issue requests to internal services and cloud metadata endpoints such as 169.254.169.254, exposing sensitive data or internal network resources. The flaw is an input validation weakness classified as CWE-918 (Server-Side Request Forgery).
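As an added illustration that is not Crawl4AI's own code, the Python below places a constructed explicit-CIDR blocklist of the kind the advisory describes beside a check that unwraps IPv4-mapped, 6to4 and NAT64 literals and rejects the unspecified address before consulting address classes. The `resolve` hook, the blocklist entries and all sample addresses are assumptions made for the demonstration.

```python
import ipaddress
import socket

# Added example, not Crawl4AI's own code: a constructed explicit-CIDR check of the
# kind the advisory describes, beside one that unwraps IPv6 transition forms first.
EXPLICIT_BLOCKLIST = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
NAT64_WKP = ipaddress.IPv6Network("64:ff9b::/96")  # RFC 6052 well-known prefix

def blocked_by_explicit_list(addr_text):
    """Weak check: a network only contains addresses of its own family, so an IPv4
    address carried inside an IPv6 literal is never compared with the IPv4 entries."""
    addr = ipaddress.ip_address(addr_text)
    return any(addr in net for net in EXPLICIT_BLOCKLIST)

def embedded_ipv4(addr):
    """Return the IPv4 address an IPv6 transition form carries, or None."""
    if addr.version == 4:
        return addr
    if addr.ipv4_mapped is not None:       # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    if addr.sixtofour is not None:         # 2002:aabb:ccdd::  (RFC 3056)
        return addr.sixtofour
    if addr in NAT64_WKP:                  # 64:ff9b::a.b.c.d  (RFC 6052)
        return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return None

def is_forbidden_address(addr_text):
    """Hardened check: reject the unspecified address and test both the literal and
    any IPv4 address embedded in it against the non-global address classes."""
    addr = ipaddress.ip_address(addr_text)
    candidates = {addr, embedded_ipv4(addr)} - {None}
    return any(c.is_unspecified or c.is_loopback or c.is_private or c.is_link_local
               or c.is_multicast or c.is_reserved for c in candidates)

def is_forbidden_host(host, resolve=None):
    """Apply the hardened check to every address a hostname resolves to. `resolve`
    is an assumed hook returning address strings; it defaults to a DNS lookup."""
    try:
        return is_forbidden_address(host)  # host is already an IP literal
    except ValueError:
        pass
    if resolve is None:
        resolve = lambda h: {ai[4][0] for ai in socket.getaddrinfo(h, None)}
    addresses = resolve(host)
    # A name with no usable records is refused rather than allowed by default.
    return not addresses or any(is_forbidden_address(a) for a in addresses)
```

The hostname path checks every resolved record rather than a single one, since a name that returns both a public and an internal address would otherwise slip through.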

Affected Systems

All installations of the open-source Crawl4AI LLM-friendly web crawler that use the Docker deployment are affected prior to version 0.8.8. The product is provided by the vendor unclecode. Versions 0.8.0 through 0.8.7 do not contain the fix; any release 0.8.8 or newer includes the remediation.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. Because the Docker API server is unauthenticated by default (jwt_enabled is false), no credentials are required; any host that can reach the API endpoint can trigger the SSRF. The exploit can be performed by sending a crafted URL to the server, which will then fetch internal resources, potentially leaking data or enabling further attacks. The EPSS score is not available, but the lack of authentication makes the vulnerability very likely to be exploited in environments where the API is exposed. The issue is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 24, 2026 at 10:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Crawl4AI to version 0.8.8 or later to apply the vendor patch.
  • Enable authentication for the Docker API server (set jwt_enabled to true) and restrict access to the API endpoint to trusted IP ranges.
  • Configure additional firewall or network controls to block traffic from the API server to internal metadata endpoints and other privileged services.


Advisories
Source: GitHub GHSA
ID: GHSA-4qqr-vv2q-cmr5
Title: Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
History

Tue, 23 Jun 2026 22:15:00 +0000

Type: First Time appeared
Values Added: Unclecode; Unclecode crawl4ai

Type: Vendors & Products
Values Added: Unclecode; Unclecode crawl4ai

Tue, 23 Jun 2026 19:30:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 19:00:00 +0000

Type: Description
Values Added: Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints (e.g. 169.254.169.254) despite the filter by encoding an internal IPv4 address inside an IPv6 transition form, or by using the IPv6 unspecified address. Because the Docker API is unauthenticated by default (jwt_enabled: false), no credentials are required. This vulnerability is fixed in 0.8.8.

Type: Title
Values Added: Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)

Type: Weaknesses
Values Added: CWE-918

Type: References
Values Added: (empty)

Type: Metrics (cvssV3_1)
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-23T18:54:14.891Z

Reserved: 2026-06-10T17:48:40.546Z

Link: CVE-2026-53754

Vulnrichment

Updated: 2026-06-23T18:54:09.439Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T10:15:05Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)