CVE-2026-53753
Published: 2026-06-23
Priority: P2 (70) · Severity: critical · CVSS 3.1 base score: 10
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.45% (35.9th percentile)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (gi_frame, f_back, f_builtins) do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution. The attack requires no authentication (JWT disabled by default) and is triggered via POST /crawl with a crafted extraction schema. This vulnerability is fixed in 0.8.7.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kidocode | crawl4ai | < 0.8.7 | 0.8.7 |
| kidocode | crawl4ai | >= 0 < 0.8.7 | 0.8.7 |
| unclecode | crawl4ai | < 0.8.7 | 0.8.7 |
VulDB
unclecode crawl4ai up to 0.8.6 Computed Fields Feature _safe_eval_expression code injection (GHSA-qxjp-w3pj-48m7)
vuldb·2026-06-30·CVSS 10.0
A vulnerability was found in unclecode crawl4ai up to 0.8.6 and classified as critical. This vulnerability affects the function _safe_eval_expression of the component Computed Fields Feature. The manipulation results in code injection.
This vulnerability is identified as CVE-2026-53753. The attack can be executed remotely. No exploit is available.
It is suggested to upgrade the affected component.
GHSA
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
ghsa·2026-06-16
CVE-2026-53753 · CRITICAL · CWE-913 (Improper Control of Dynamically-Managed Code Resources)
### Summary
The `_safe_eval_expression()` function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes (`gi_frame`, `f_back`, `f_builtins`) do NOT start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution.
The attack requires no authentication (JWT disabled by default) and is triggered via `POST /crawl` with a crafted extraction schema.
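The weakness the summary describes is a denylist applied to an AST: attribute names beginning with `_` are rejected and everything else is trusted, so non-underscore attributes of generator and frame objects pass. The following added example is not code from Crawl4AI or from the advisory; it reconstructs a denylist check of the shape described (the function name `denylist_validate` and the computed-field grammar are assumptions), and contrasts it with an allowlist interpreter that evaluates only the node types, functions and string methods a computed field needs, so an attribute such as `gi_frame` is rejected because it was never allowed rather than because someone remembered to list it. The sample field values are constructed.

```python
import ast
import operator

# Operators the (hypothetical) computed-field language supports. Everything not
# listed here is rejected, the opposite of blocking a list of known-bad names.
BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod,
}
CMP_OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
    ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
}
# Attribute access exists only as a method call on a str value, and only for these names.
ALLOWED_STR_METHODS = {"strip", "lower", "upper", "replace", "split", "startswith", "endswith"}
# Bare function calls resolve from this table, never from builtins.
ALLOWED_FUNCS = {"len": len, "int": int, "float": float, "str": str}


class UnsafeExpression(ValueError):
    """Raised for any syntax the allowlist interpreter does not understand."""


def denylist_validate(expr: str) -> bool:
    """Reconstruction (assumed shape, not Crawl4AI's code) of the weak check the
    advisory describes: accept any attribute whose name does not start with '_'.
    Generator/frame attributes such as gi_frame have no leading underscore, so they pass."""
    tree = ast.parse(expr, mode="eval")
    return not any(
        isinstance(n, ast.Attribute) and n.attr.startswith("_") for n in ast.walk(tree)
    )


def allowlist_eval(expr: str, fields: dict):
    """Evaluate a computed-field expression over extracted `fields` with a small
    interpreter. Nothing is handed to eval(); unknown node types raise."""
    return _ev(ast.parse(expr, mode="eval").body, fields)


def _ev(node, fields):
    if isinstance(node, ast.Constant):
        if node.value is None or isinstance(node.value, (str, int, float, bool)):
            return node.value
        raise UnsafeExpression(f"unsupported literal {node.value!r}")
    if isinstance(node, ast.Name):  # names are field lookups, not Python variables
        if node.id in fields:
            return fields[node.id]
        raise UnsafeExpression(f"unknown field {node.id!r}")
    if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_ev(node.left, fields), _ev(node.right, fields))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.Not, ast.USub)):
        value = _ev(node.operand, fields)
        return (not value) if isinstance(node.op, ast.Not) else -value
    if isinstance(node, ast.BoolOp):  # short-circuits like Python's and/or
        result = None
        for part in node.values:
            result = _ev(part, fields)
            if isinstance(node.op, ast.And) and not result:
                return result
            if isinstance(node.op, ast.Or) and result:
                return result
        return result
    if isinstance(node, ast.Compare):  # supports chained comparisons such as 1 < x < 10
        left = _ev(node.left, fields)
        for op, comparator in zip(node.ops, node.comparators):
            if type(op) not in CMP_OPS:
                raise UnsafeExpression(f"unsupported comparison {type(op).__name__}")
            right = _ev(comparator, fields)
            if not CMP_OPS[type(op)](left, right):
                return False
            left = right
        return True
    if isinstance(node, ast.IfExp):
        return _ev(node.body, fields) if _ev(node.test, fields) else _ev(node.orelse, fields)
    if isinstance(node, ast.Subscript):  # Python 3.9+: node.slice is the index expression
        container = _ev(node.value, fields)
        if not isinstance(container, (str, list, dict)):
            raise UnsafeExpression("subscript on unsupported value")
        return container[_ev(node.slice, fields)]
    if isinstance(node, ast.Call):
        if node.keywords:
            raise UnsafeExpression("keyword arguments are not supported")
        if isinstance(node.func, ast.Name) and node.func.id in ALLOWED_FUNCS:
            fn = ALLOWED_FUNCS[node.func.id]
        elif isinstance(node.func, ast.Attribute) and node.func.attr in ALLOWED_STR_METHODS:
            target = _ev(node.func.value, fields)
            if not isinstance(target, str):
                raise UnsafeExpression(f".{node.func.attr}() is only allowed on str")
            fn = getattr(target, node.func.attr)
        else:
            raise UnsafeExpression("call target is not allowlisted")
        return fn(*[_ev(a, fields) for a in node.args])
    # Bare attribute access (.gi_frame, .f_back, .f_builtins and .__class__ alike),
    # generator expressions, lambdas, comprehensions and every other node end here.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def compute_field(expr: str, fields: dict):
    """Fail-closed wrapper: returns (True, value) or (False, reason)."""
    try:
        return True, allowlist_eval(expr, fields)
    except Exception as exc:  # syntax errors, unsafe nodes and runtime errors alike
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    sample = {"price": " $12.50 ", "title": "Hello, world!"}  # constructed record
    for expr in ["float(price.strip().replace('$', '')) * 2", "price.gi_frame", "price.__class__"]:
        print(f"denylist accepts: {denylist_validate(expr)!s:5}  allowlist: {compute_field(expr, sample)}")
```

The design point is that `_ev` has no fallthrough to `getattr` or `eval`: a node either matches one of the explicitly supported shapes or raises, so the set of reachable Python objects is exactly the field values, the four allowlisted functions and the return values of a few `str` methods, with no path to a generator, a frame or the builtins table.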
### Attack Vector
An attacker sends a `POST /crawl` request with a `JsonCssExtractionStrategy` schema containing a malicious computed field expression that:
1. Creates a generator to access `gi_frame`
2. Walks the frame chain via `f_bac
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.