crawl4ai
PyPI18 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting crawl4aipage 1 of 1
- CVE-2025-28197CRITICALCVSS 9.1EG 9.12025-04-18
vulnerable: 0.3.0 ... 0.4.3b3 (36 versions)
Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
- CVE-2026-26216CRITICALCVSS 10.0EG 10.0✓ Fixed in 0.8.02026-02-12
vulnerable: 0.3.0 ... 0.7.8 (61 versions)
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was inc…
- CVE-2026-26217HIGHCVSS 7.5EG 8.6✓ Fixed in 0.8.02026-02-12
vulnerable: 0.3.0 ... 0.7.8 (61 versions)
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbi…
- CVE-2026-53753CRITICALCVSS 10.0EG 10.0✓ Fixed in 0.8.72026-06-16
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator…
- CVE-2026-53754HIGHCVSS 7.5EG 7.5✓ Fixed in 0.8.82026-06-16
vulnerable: 0.3.0 ... 0.8.7 (65 versions)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used an explicit IPv4/IPv6 CIDR blocklist th…
- CVE-2026-53755HIGHCVSS 7.5EG 7.5✓ Fixed in 0.8.92026-06-16
vulnerable: 0.3.0 ... 0.8.8 (66 versions)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy…
- CVE-2026-56258HIGHCVSS 8.1EG 8.1✓ Fixed in 0.8.82026-06-23
vulnerable: 0.3.0 ... 0.8.7 (65 versions)
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use (TOCTOU)…
- CVE-2026-56259HIGHCVSS 8.2EG 8.2✓ Fixed in 0.8.82026-07-12
vulnerable: 0.3.0 ... 0.8.7 (65 versions)
Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary environment variables. Attackers can exploit…
- CVE-2026-56260CRITICALCVSS 9.1EG 9.1✓ Fixed in 0.8.72026-07-12
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without validation, allowing an attacker to supply…
- CVE-2026-56261HIGHCVSS 8.6EG 8.6✓ Fixed in 0.8.72026-07-10
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs p…
- CVE-2026-56262MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.8.72026-06-24
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint…
- CVE-2026-56263MEDIUMCVSS 6.1EG 6.1✓ Fixed in 0.8.72026-06-23
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious ma…
- CVE-2026-56264HIGHCVSS 8.1EG 8.1✓ Fixed in 0.8.72026-07-01
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-we…
- CVE-2026-56265CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.8.72026-06-21
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing aut…
- CVE-2026-56266HIGHCVSS 8.6EG 8.6✓ Fixed in 0.8.72026-06-16
vulnerable: 0.3.0 ... 0.8.6 (64 versions)
Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-…
- CVE-2026-57571CRITICALCVSS 9.6EG 9.6✓ Fixed in 0.9.02026-07-06
vulnerable: 0.3.0 ... 0.8.9 (67 versions)
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, when the crawler saves a downloaded file, the destination filename was taken from attacker-influenced input and joined to the downloads directory with no conf…
- CVE-2026-57572CRITICALCVSS 10.0EG 10.0✓ Fixed in 0.9.02026-07-06
vulnerable: 0.3.0 ... 0.8.9 (67 versions)
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium sw…
- CVE-2026-57573HIGHCVSS 8.6EG 8.6✓ Fixed in 0.9.02026-07-06
vulnerable: 0.3.0 ... 0.8.9 (67 versions)
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed se…
Check whether crawl4ai is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for crawl4ai CVEs against the assets you own.
Start Free Scan →