CVE-2026-53755
Błąd SSRF w Crawl4AI umożliwia dostęp do wewnętrznych usług przez niezautoryzowany proxy.
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browser_config (and crawler_config). The following all feed Chromium's egress and were unchecked: browser_config.proxy_config.server, browser_config.proxy (deprecated field), crawler_config.proxy_config.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browser_config.extra_args. This vulnerability is fixed in 0.8.9.
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 8.6 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.3% |
| Opublikowano (NVD) | 2026-06-23 19:17:07 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-29 16:50:16 UTC |
- https://github.com/unclecode/crawl4ai/security/advisories/GHSA-6qhc-x826-342c (security-advisories@github.com) [Third Party Advisory]