Skip to main content

Firecrawl

1 CVEs product

Monthly

CVE-2026-32857 HIGH This Week

Firecrawl's Playwright scraping service through version 2.8.0 permits attackers to bypass SSRF protections and access internal network resources by exploiting a validation gap in redirect handling. Unauthenticated remote attackers can supply externally valid URLs that redirect to restricted internal endpoints, as network policy checks apply only to the initial request and not subsequent redirect destinations. With a CVSS score of 7.8 and high subsequent system confidentiality impact (SC:H), this represents a distinct post-redirect enforcement weakness separate from general redirect-based SSRF (CVE-2024-56800), though no public exploit is identified at time of analysis.

SSRF Firecrawl
NVD GitHub VulDB
CVSS 4.0
7.8
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH This Week

Firecrawl's Playwright scraping service through version 2.8.0 permits attackers to bypass SSRF protections and access internal network resources by exploiting a validation gap in redirect handling. Unauthenticated remote attackers can supply externally valid URLs that redirect to restricted internal endpoints, as network policy checks apply only to the initial request and not subsequent redirect destinations. With a CVSS score of 7.8 and high subsequent system confidentiality impact (SC:H), this represents a distinct post-redirect enforcement weakness separate from general redirect-based SSRF (CVE-2024-56800), though no public exploit is identified at time of analysis.

SSRF Firecrawl
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy