Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtins) do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution. The attack requires no authentication (JWT disabled by default) and is triggered via POST /crawl with a crafted extraction schema. This vulnerability is fixed in 0.8.7.
CVE-2026-53753
This critical-severity CVE scores 10.0 under NVD CVSS v3. EPSS exploit probability: 0.4%, top 64% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 10.0
- EG Score
- 10.0(medium)
- EPSS
- 36.1%
- KEV
- Not listed
Published
June 16, 2026
Last Modified
June 29, 2026
Advisory Details (1)
Auto-updated Jul 7, 2026AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API · Advisory · unclecode/crawl4ai · GitHub
https://github.com/unclecode/crawl4ai/security/advisories/GHSA-qxjp-w3pj-48m7Vendor Advisories for CVE-2026-53753(1)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Affected Packages
(1 across 1 ecosystem)
PyPI(1)
| Package | Vulnerable range | Fixed in | Dependents |
|---|---|---|---|
| crawl4ai | 0.3.0 ... 0.8.6 (64 versions) | 0.8.7 | — |
Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Related CVEs(same CWE)
Same CWE
10 shownCWE-94
- CVE-2006-1359NVD 0.0EG 9.0EPSS 99%NONE
- CVE-2005-1921NVD 0.0EG 9.0EPSS 100%NONE
- CVE-2005-3302EG 7.3HIGH
- CVE-2005-1876EG 4.5MEDIUM
- CVE-2003-1599EG 0.0NONE
- CVE-2006-1318EG 0.0EPSS 96%NONE
- CVE-2006-1301EG 0.0EPSS 95%NONE
- CVE-2006-1308EG 0.0EPSS 95%NONE
- CVE-2006-1309EG 0.0EPSS 95%NONE
- CVE-2006-1304EG 0.0EPSS 95%NONE
Frequently asked(5)
What is CVE-2026-53753?
When was CVE-2026-53753 disclosed?
Is CVE-2026-53753 actively exploited?
What is the CVSS score of CVE-2026-53753?
How do I remediate CVE-2026-53753?
Dependency Blast Radius
See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-53753
Is Your Infrastructure Affected by CVE-2026-53753?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.