8 matches found
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote...
EUVD-2025-11903
Malicious code in bioql PyPI...
Server-Side Request Forgery (SSRF)
Crawl4AI is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation and insufficient sanitization of user-controlled URLs in /crawl4ai/asyncdispatcher.py, allowing unauthorized internal network access...
GHSA-445M-27CF-GR3X Crawl4AI SSRF vulnerability
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
Crawl4AI SSRF vulnerability
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
CVE-2025-28197
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
CVE-2025-28197
Crawl4AI =0.4.247 is vulnerable to SSRF in /crawl4ai/asyncdispatcher.py...
CVE-2025-28197
CVE-2025-28197 relates to Crawl4AI