CVE Catalog

CVE-2026-53755

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

Crawl4AI prior to version 0.8.9 contains an SSRF vulnerability that allows an unauthenticated attacker to bypass the destination URL check and route traffic through a proxy to internal IP addresses. The attacker can exploit this flaw to access internal services and cloud metadata endpoints while providing a valid crawl URL.

Risk Assessment

The risk involves unauthorized access to internal network resources, such as cloud services or instance metadata, potentially leading to sensitive data leakage or further escalation within the internal network.

Recommendation

Immediately update Crawl4AI to version 0.8.9 or later. Additionally, enable authentication for the Docker API and restrict access to trusted networks only.

Original NVD description (English source)

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browser_config (and crawler_config). The following all feed Chromium's egress and were unchecked: browser_config.proxy_config.server, browser_config.proxy (deprecated field), crawler_config.proxy_config.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browser_config.extra_args. This vulnerability is fixed in 0.8.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS