Lucene search
K

5 matches found

NVD
NVD
added 2026/06/23 7:17 p.m.7 views

CVE-2026-53755

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

8.6CVSS0.00289EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 10:16 p.m.5 views

PYSEC-2026-596

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

8.6CVSS5.9AI score0.00421EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.6 views

CVE-2026-56266

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS6AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.24 views

CVE-2026-56266 Crawl4AI - Server-Side Request Forgery via Direct Crawl Endpoints

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS0.00276EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 9:2 p.m.11 views

Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check

Summary The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while usin...

8.6CVSS5.5AI score0.00289EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder