
Crawl4AI CVE-2026-56266

EUVD-2026-38366 · CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-22 · VulnCheck · GHSA-365w-hqf6-vxfg
9.2 (CVSS 4.0 · Vendor: VulnCheck)

Severity by source

Vendor (VulnCheck), primary: 9.2 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 8.6 HIGH
Unauthenticated network request to default endpoints triggers SSRF; scope changes to reach metadata/internal services (S:C, C:H); no integrity or availability impact described.
CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

  • Patch available: Jun 22, 2026 - 23:02 (EUVD)
  • Source Code Evidence Fetched: Jun 22, 2026 - 22:17 (vuln.today)
  • Analysis Generated: Jun 22, 2026 - 22:17 (vuln.today)

Description (CVE.org)

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.

Analysis (AI)

Server-side request forgery in Crawl4AI before 0.8.7 allows unauthenticated remote attackers to coerce the server into fetching arbitrary internal URLs via the /crawl, /crawl/stream, /md, and /llm endpoints. The product's internal-address blocklist can be bypassed using IPv6-mapped IPv4 notation (e.g., ::ffff:169.254.169.254), exposing cloud metadata services and internal infrastructure. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Identify exposed Crawl4AI endpoint
Delivery: POST /crawl with ::ffff:169.254.169.254 URL
Exploit: Bypass IPv4 blocklist via IPv6-mapped form
Execution: Server fetches cloud metadata
Persist: Exfiltrate IAM credentials in response
Impact: Pivot into cloud account

Vulnerability Assessment (AI)

Exploitation: The Crawl4AI Docker API server must be reachable by the attacker on one of /crawl, /crawl/stream, /md, or /llm; per CVSS PR:N/UI:N no authentication or user interaction is required, matching the description's 'unauthenticated attackers'. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N, base 9.2) is internally consistent with the description: network-reachable, no authentication, no user interaction, and high confidentiality impact on both the vulnerable system and a subsequent system (cloud metadata / internal services). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker discovers an internet-exposed Crawl4AI Docker instance on AWS and POSTs to /crawl with url=http://[::ffff:169.254.169.254]/latest/meta-data/iam/security-credentials/, bypassing the blocklist via the IPv6-mapped form. The response body, relayed back through the crawler, contains the EC2 instance's IAM role temporary credentials, which the attacker then uses to access S3 buckets and other AWS resources. …

Remediation: Upgrade Crawl4AI to 0.8.7 or later (pip install --upgrade crawl4ai, or pull the corresponding patched Docker image), which extends the SSRF validator to normalize IPv6-mapped IPv4 addresses and explicitly blocks RFC 1918, loopback, link-local, and cloud-metadata destinations, per GHSA-365w-hqf6-vxfg. … Detailed patch versions, workarounds, and compensating controls in full report.
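The remediation above describes the defensive fix in one sentence: normalize IPv6 literals that embed an IPv4 address before consulting the blocklist, then reject RFC 1918, loopback, link-local and cloud-metadata destinations. The following Python is an added example of that check; it is not Crawl4AI's own validator and not code from the advisory. It goes slightly beyond the page's IPv4-mapped case by also collapsing 6to4 (2002::/16) literals, and adds IPv6 loopback, link-local and unique-local ranges to the list. The function names (validate_url, is_blocked, normalize), the exact rule set, and the stub resolver used for the offline demonstration are all assumptions.

```python
"""Added example, not Crawl4AI's own validator: an SSRF destination check that
normalizes IPv6 literals embedding an IPv4 address before consulting the
blocklist, so http://[::ffff:169.254.169.254]/ is judged as 169.254.169.254.
Names (validate_url, BLOCKED_NETWORKS, ...) and the rule set are assumptions."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges the crawler must never fetch on a client's behalf. 169.254.0.0/16
# already contains the cloud metadata address; it is also listed on its own so
# the intent survives later edits to the list.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # RFC 1918
    ipaddress.ip_network("172.16.0.0/12"),    # RFC 1918
    ipaddress.ip_network("192.168.0.0/16"),   # RFC 1918
    ipaddress.ip_network("127.0.0.0/8"),      # IPv4 loopback
    ipaddress.ip_network("169.254.0.0/16"),   # IPv4 link-local
    ipaddress.ip_network("::1/128"),          # IPv6 loopback
    ipaddress.ip_network("fe80::/10"),        # IPv6 link-local
    ipaddress.ip_network("fc00::/7"),         # IPv6 unique local
]
CLOUD_METADATA = {ipaddress.ip_address("169.254.169.254")}


def normalize(addr):
    """Return the address a connection to `addr` would actually reach.

    IPv4-mapped (::ffff:a.b.c.d) and 6to4 (2002:aabb:ccdd::) IPv6 literals are
    collapsed to the IPv4 address they embed; anything else is returned as
    parsed. Raises ValueError if `addr` is not an IP literal.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address):
        if ip.ipv4_mapped is not None:
            return ip.ipv4_mapped
        if ip.sixtofour is not None:
            return ip.sixtofour
    return ip


def is_blocked(addr):
    """True if the normalized address falls in a forbidden range."""
    ip = normalize(addr)
    # ip_network.__contains__ returns False across IP versions, so a collapsed
    # IPv4 address is only matched against the IPv4 rules.
    return ip in CLOUD_METADATA or any(ip in net for net in BLOCKED_NETWORKS)


def default_resolver(host):
    """Every address the OS resolver would hand the HTTP client for `host`."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_url(url, resolver=default_resolver):
    """Decide whether the crawler may fetch `url`. Returns (allowed, reason).

    `resolver` is injectable so the check can run offline; in production keep
    the default so hostnames are resolved and every resulting address is
    checked, not just the first one.
    """
    try:
        parts = urlsplit(url)
    except ValueError as exc:              # malformed bracketed host, etc.
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname                  # brackets around IPv6 literals are stripped
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        candidates = {host}                # an IP literal: check it directly
    except ValueError:
        try:
            candidates = resolver(host)    # a name: check every address it maps to
        except socket.gaierror as exc:
            return False, f"resolution failed: {exc}"
    if not candidates:
        return False, "no addresses for host"  # fail closed
    for addr in candidates:
        if is_blocked(addr):
            return False, f"blocked destination {addr} -> {normalize(addr)}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; the resolver is a stub so nothing leaves the host.
    fake_dns = {"localhost": {"127.0.0.1", "::1"}, "example.com": {"203.0.113.10"}}
    for u in ["http://[::ffff:169.254.169.254]/latest/meta-data/",
              "http://[2002:7f00:1::]/",
              "http://localhost/",
              "http://example.com/"]:
        print(u, validate_url(u, resolver=lambda h: fake_dns.get(h, set())))
```

Two caveats a practitioner would add on top of this check. First, validating at parse time and then letting the HTTP client resolve the name again leaves a window for DNS rebinding; the fetch should be pinned to the address that was validated (or the check repeated at connect time). Second, every redirect hop needs the same validation, since a permitted external host can redirect into a blocked range.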

Recommended Action (AI)

Within 24 hours: Identify all Crawl4AI deployments, document internet accessibility, and assess whether instances can reach cloud metadata services or internal infrastructure. …
