CVE-2026-53755
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
Crawl4AI prior to version 0.8.9 contains an SSRF vulnerability that allows an unauthenticated attacker to bypass the destination URL check and route traffic through a proxy to internal IP addresses. The attacker can exploit this flaw to access internal services and cloud metadata endpoints while providing a valid crawl URL.
Risk Assessment
The risk involves unauthorized access to internal network resources, such as cloud services or instance metadata, potentially leading to sensitive data leakage or further escalation within the internal network.
Recommendation
Immediately update Crawl4AI to version 0.8.9 or later. Additionally, enable authentication for the Docker API and restrict access to trusted networks only.
Original NVD description (English source)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browser_config (and crawler_config). The following all feed Chromium's egress and were unchecked: browser_config.proxy_config.server, browser_config.proxy (deprecated field), crawler_config.proxy_config.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browser_config.extra_args. This vulnerability is fixed in 0.8.9.

