Description
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.
Published: 2026-06-22
Score: 9.2 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Server-Side Request Forgery (SSRF) in Crawl4AI versions before 0.8.7, affecting the /crawl, /crawl/stream, /md, and /llm endpoints. These endpoints fetch arbitrary URLs supplied by the requester without validation, so an unauthenticated user can make the server reach internal services, cloud metadata endpoints, and other resources that are not meant to be reachable from outside. The flaw is classified as CWE-918; the CVSS vectors recorded in the history entry rate the impact as a high loss of confidentiality with no integrity or availability impact.

Affected Systems

Vendor: Crawl4AI. Product: Crawl4AI. Versions before 0.8.7 are affected; the CVE does not specify individual patch releases beyond the 0.8.7 threshold.

Risk and Exploitability

The CVSS v4.0 score of 9.2 rates the issue Critical. EPSS data are not available, so the likelihood of exploitation cannot be quantified, but the absence of URL validation, combined with the ability to slip past the internal-address blocklist by writing an internal IPv4 address in IPv6-mapped form, indicates that the attack is practical and requires no authentication. The vulnerability is not listed in the CISA KEV catalog, so no mass exploitation is known, yet these endpoints pose a significant risk wherever a Crawl4AI instance is reachable from untrusted networks.

Generated by OpenCVE AI on June 22, 2026 at 23:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Crawl4AI to version 0.8.7 or later to remove the SSRF flaw.
  • If an upgrade cannot be performed immediately, restrict access to the vulnerable endpoints to trusted IP ranges and monitor outbound traffic for suspicious requests.
  • Implement strict validation of user-supplied URLs, permitting only allowlisted domains or IPs and denying internal or private addresses; resolve hostnames and normalize IPv6-mapped IPv4 forms before applying the check, since that is the form used to bypass the blocklist here.
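The third action above is the one most often implemented incorrectly: a blocklist that matches dotted-quad strings never sees `::ffff:127.0.0.1`. The guard below is an added example, not Crawl4AI's own code; it resolves the destination, unwraps IPv6-mapped IPv4 literals, and accepts only globally routable unicast addresses over http/https. The function names and the decision to resolve at validation time are this example's assumptions.

```python
"""SSRF guard for a service that fetches user-supplied URLs.

Added example (not Crawl4AI's code): every URL is resolved and every
resulting address is checked after collapsing IPv6-mapped IPv4 forms, so
::ffff:127.0.0.1 is judged exactly like 127.0.0.1 instead of slipping past
a blocklist that only matches dotted-quad strings.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def canonical_ip(ip_text):
    """Parse an IP literal and unwrap IPv6-mapped IPv4 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def is_public_ip(ip_text):
    """True only for globally routable unicast addresses.

    Loopback, RFC 1918, link-local (the 169.254.0.0/16 range used by cloud
    metadata services), documentation and multicast ranges all fail here."""
    ip = canonical_ip(ip_text)
    return ip.is_global and not ip.is_multicast


def resolve_host(host):
    """Return every address the host maps to; IP literals are returned as-is.

    All answers are checked because a hostname may resolve to a mix of
    public and internal addresses."""
    try:
        return [str(canonical_ip(host))]
    except ValueError:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
        return [info[4][0] for info in infos]


def is_safe_url(url):
    """Decide whether the fetcher may retrieve ``url`` (scheme and destination)."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # brackets are stripped from IPv6 literals
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not host:
            return False
        addrs = resolve_host(host)
    except (ValueError, socket.gaierror):
        return False
    return bool(addrs) and all(is_public_ip(a) for a in addrs)
```

Validating and then fetching by hostname leaves a window for the DNS answer to change, so the fetcher should connect to the address that passed the check and re-run the check on every redirect hop.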

Advisories

Source: GitHub GHSA
ID: GHSA-365w-hqf6-vxfg
Title: Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution

History

Mon, 22 Jun 2026 22:00:00 +0000

Values added (no values removed):

Description: Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.
Title: Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints
Weaknesses: CWE-918
References:
Metrics:
  cvssV3_1: {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}
  cvssV4_0: {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-22T21:04:44.755Z

Reserved: 2026-06-20T01:42:20.615Z

Link: CVE-2026-56266

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-22T23:30:05Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)