CVE-2026-46497
LowCVSS 2.3Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.
Risk Assessment
SSRF attacks may allow an attacker to access internal network resources, potentially leading to the exposure of sensitive data or system compromise.
Recommendation
It is recommended to upgrade the Crawlee library to version 1.7.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.7.0.

