CVE Catalog

CVE-2026-46497

LowCVSS 2.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

13th percentile — higher than 13% of all known CVEs

Summary

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.

Risk Assessment

SSRF attacks may allow an attacker to access internal network resources, potentially leading to the exposure of sensitive data or system compromise.

Recommendation

It is recommended to upgrade the Crawlee library to version 1.7.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS