Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable with no authentication (AV:N/PR:N/AC:L), no scope change, limited to monitoring state disruption with no confidentiality impact (C:N/I:L/A:L).
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication, causing service disruption.
AnalysisAI
Authentication bypass in the Crawl4AI Docker API server before 0.8.7 exposes all monitor router endpoints - including the destructive /monitor/actions/cleanup action - to unauthenticated remote attackers due to missing token dependency injection on the monitor router. Any attacker with network access to the Docker API port can invoke cleanup operations and manipulate monitoring state, causing service disruption without credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the Crawl4AI Docker API server is running and its API port is reachable by the attacker - either directly via public internet exposure or through lateral movement from an adjacent network segment. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.9 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N) correctly characterizes the attack as trivially reachable from the network with no conditions or interaction, but caps impact at limited integrity and availability disruption with no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to a Crawl4AI Docker API server sends a single unauthenticated HTTP POST to /monitor/actions/cleanup, immediately triggering a monitoring state reset without any credentials, tokens, or prior reconnaissance. This disrupts active crawl job visibility and can interfere with ongoing operations managed through the monitoring subsystem. … |
| Remediation | Upgrade to Crawl4AI 0.8.7 or later via pip (pip install 'crawl4ai>=0.8.7'), which resolves this vulnerability by adding dependencies=[Depends(token_dep)] to the monitor router registration and adding explicit token validation on the /monitor/ws WebSocket endpoint. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote code execution in Crawl4AI's Docker API server (versions prior to 0.9.0) lets unauthenticated attackers run arbit
Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code i
Arbitrary file write in Crawl4AI (the open-source LLM-friendly web crawler by unclecode) before version 0.9.0 lets a mal
Authentication bypass in Crawl4AI Docker API server (versions prior to 0.8.7) allows remote unauthenticated attackers to
Arbitrary file write in Crawl4AI Docker API server before 0.8.8 lets unauthenticated remote attackers escape the ALLOWED
Arbitrary JavaScript execution in Crawl4AI's Docker API server (versions before 0.8.7) lets remote attackers submit code
Server-side request forgery in Crawl4AI's Docker API server (versions before 0.8.7) allows remote unauthenticated attack
Server-side request forgery in Crawl4AI before 0.8.7 allows unauthenticated remote attackers to coerce the server into f
Arbitrary local file disclosure in Crawl4AI's Docker API (versions before 0.8.0) lets unauthenticated remote attackers r
Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. Rated critical severity (CVSS 9.1), this vuln
Arbitrary file write in Crawl4AI's Docker API server (versions before 0.8.7) lets remote unauthenticated attackers overw
Credential exfiltration in Crawl4AI's Docker API server (all versions before 0.8.8) lets remote unauthenticated attacker
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38745
GHSA-xrfj-6m49-wfmm