Back to CVE List

CVE-2026-56261

HIGH SEVERITY

CVSS Score & Metrics

Base Score
8.6 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Vulnerability Description

Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal services and potentially expose cloud metadata.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-918
Source
NVD
Vendor
Crawl4AI
Product
Crawl4AI

External References

Discussion (0)

Add Comment

No comments yet. Be the first!