5 matches found
CVE-2026-57573 Crawl4AI unauthenticated SSRF in Docker streaming crawl endpoint
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validatio...
CVE-2026-57573
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validatio...
CVE-2026-57573
CVE-2026-57573 affects Crawl4AI: unauthenticated SSRF via the Docker stream endpoint. Before 0.9.0, SSRF checks were only on the non‑streaming /crawl path; handle_stream_crawl_request forwarded seed URLs with no destination validation. This allowed a remote, unauthenticated client to POST to /cra...
PT-2026-56004
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.9.0 Description The Docker API server fails to apply Server-Side Request Forgery SSRF destination checks on the streaming path. A remote unauthenticated client can exploit this by calling the 'POST /crawl/stream'...
GHSA-WM69-2PC3-RMMF Crawl4AI: Unauthenticated SSRF on the Docker server streaming crawl path (/crawl/stream)
Summary The Docker API server applied its SSRF destination check validateurldestination on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validation. A remote, unauthenticated client could call POS...