CVE-2026-53753
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
Crawl4AI before version 0.8.7 has a vulnerability in the _safe_eval_expression() function in the computed fields feature. The AST validator only blocks attributes starting with underscore, but generator and frame object attributes (gi_frame, f_back, f_builtins) do not start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution. The attack requires no authentication (JWT disabled by default) and is triggered via POST /crawl with a crafted extraction schema.
Risk Assessment
The organization is at risk of remote code execution without authentication, potentially leading to full server compromise, data theft, or further attacks on the infrastructure.
Recommendation
Immediately upgrade Crawl4AI to version 0.8.7 or later. If an upgrade is not possible, temporarily disable the POST /crawl endpoint or enable JWT authentication.
Original NVD description (English source)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtins) do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution. The attack requires no authentication (JWT disabled by default) and is triggered via POST /crawl with a crafted extraction schema. This vulnerability is fixed in 0.8.7.

