Crawl4ai
Monthly
Server-side request forgery in Crawl4AI before 0.8.7 allows unauthenticated remote attackers to coerce the server into fetching arbitrary internal URLs via the /crawl, /crawl/stream, /md, and /llm endpoints. The product's internal-address blocklist can be bypassed using IPv6-mapped IPv4 notation (e.g., ::ffff:169.254.169.254), exposing cloud metadata services and internal infrastructure. No public exploit identified at time of analysis, but the GHSA advisory and a VulnCheck write-up document the flaw in detail.
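A defender-side illustration of the blocklist bypass described above, added here as an example and not taken from Crawl4AI's code: the check canonicalises IPv6-mapped IPv4 literals before comparing against internal ranges, so `::ffff:169.254.169.254` is judged the same way as `169.254.169.254`. `BLOCKED_NETWORKS` and the `resolver` callable are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical destination policy for an outbound crawler fetch (not Crawl4AI's
# own list): loopback, RFC 1918, CGNAT, unspecified, ULA, and link-local, which
# is where the cloud metadata address 169.254.169.254 lives.
BLOCKED_NETWORKS = [
    ipaddress.ip_network(n) for n in (
        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
        "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
        "::/128", "::1/128", "fc00::/7", "fe80::/10",
    )
]


def canonical_ip(text):
    """Parse an address and unwrap IPv6-mapped IPv4 (::ffff:a.b.c.d) to IPv4.

    A blocklist that compares strings, or only knows IPv4 ranges, sees
    ::ffff:169.254.169.254 as an unlisted IPv6 address. Unwrapping it first
    makes it hit the same 169.254.0.0/16 rule as the plain dotted form.
    """
    addr = ipaddress.ip_address(text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def is_blocked_ip(text):
    addr = canonical_ip(text)
    # Membership tests across IP versions simply return False, so mixing is safe.
    return any(addr in net for net in BLOCKED_NETWORKS)


def is_safe_target(url, resolver):
    """True only if `url` is http(s) and every address its host resolves to
    lies outside BLOCKED_NETWORKS.

    `resolver` maps a hostname to a list of address strings; it is injected
    so the example runs offline. In production, connect to the address you
    validated rather than resolving again, or a rebinding DNS answer can
    swap in an internal address between check and fetch.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False  # also refuses file://, gopher://, and friends
    host = parts.hostname  # urlsplit strips the [] around IPv6 literals
    try:
        ips = [str(canonical_ip(host))]  # host is an IP literal
    except ValueError:
        ips = resolver(host)  # host is a name
    if not ips:
        return False  # unresolvable names are not fetched
    return not any(is_blocked_ip(ip) for ip in ips)
```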
Authentication bypass in Crawl4AI Docker API server (versions prior to 0.8.7) allows remote unauthenticated attackers to forge valid JWT tokens because the signing key defaults to the hardcoded value 'mysecret' present in the public source code. Anyone aware of the default secret can mint tokens for arbitrary users and obtain full access to protected crawling, extraction, JavaScript execution, and configuration endpoints. No public exploit identified at time of analysis, but the underlying weakness is trivially reproducible from the upstream repository.
Crawl4AI versions before 0.8.0 allow unauthenticated remote attackers to read arbitrary files from the server through file:// URL handling in Docker API endpoints (/execute_js, /screenshot, /pdf, /html), enabling exposure of sensitive configuration files, credentials, and environment variables. The vulnerability affects Docker deployments and AI/ML applications using the affected library, with no patch currently available.
Remote code execution in Crawl4AI Docker API before 0.8.0 via the hooks parameter: the /crawl endpoint accepts Python code in hooks and executes it on the server. EPSS 0.28%.
Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.