CVE-2026-53755
Published 2026-06-23
Priority: P354 | Severity: high | CVSS 3.1 base score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.29% (20.6th percentile)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browser_config (and crawler_config). The following all feed Chromium's egress and were unchecked: browser_config.proxy_config.server, browser_config.proxy (deprecated field), crawler_config.proxy_config.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browser_config.extra_args. This vulnerability is fixed in 0.8.9.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kidocode | crawl4ai | < 0.8.9 | 0.8.9 |
| kidocode | crawl4ai | >= 0 < 0.8.9 | 0.8.9 |
| unclecode | crawl4ai | < 0.8.9 | 0.8.9 |
VulDB
unclecode crawl4ai up to 0.8.8 Docker API /crawl/stream server-side request forgery
vuldb·2026-06-30·CVSS 7.5
CVE-2026-53755 [HIGH] unclecode crawl4ai up to 0.8.8 Docker API /crawl/stream server-side request forgery
A vulnerability classified as critical was found in unclecode crawl4ai up to 0.8.8. Affected by this vulnerability is an unknown functionality of the file /crawl/stream of the component Docker API. Executing a manipulation can lead to server-side request forgery.
This vulnerability appears as CVE-2026-53755. The attack may be performed from remote. There is no available exploit.
Upgrading the affected component is advised.
GHSA
Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
ghsa·2026-06-16
CVE-2026-53755 [HIGH] CWE-918 Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
### Summary
The Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default.
### Affected paths
`/crawl`, `/crawl/stream`, and `/crawl/job` accept a `browser_config` (and `crawler_config`). The following all feed Chromium's egress and were unchecked:
- `browser_config.proxy_config.server`
- `browser_config.proxy` (deprecated field)
- `crawler_config.proxy_config.server`
- `--proxy-server` / `--proxy-pac-url` / `--proxy-bypass-list` / `--host-resolver-rules` flags in `browser_config.extra_args`
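The following is an added example illustrating the summary and the affected-path list above; it is not Crawl4AI's own code and not the 0.8.9 fix, which the page does not show. The field names (`browser_config.proxy_config.server`, `browser_config.proxy`, `crawler_config.proxy_config.server`, the switches in `browser_config.extra_args`) come from the advisory; the function names, the request shape, the offline name table, and the choice to reject `--proxy-pac-url` and `--host-resolver-rules` outright are assumptions. It places the pre-0.8.9 behaviour (only the crawl URL is checked) beside a version that runs the same destination check over every proxy endpoint.

```python
import ipaddress
from typing import Callable, List
from urllib.parse import urlsplit

# Chromium switch in browser_config.extra_args that names a proxy (from the advisory).
PROXY_SWITCH = "--proxy-server"
# These two decide egress at runtime (a PAC script picks proxies per request, resolver
# rules rewrite DNS answers), so a static destination check cannot vet them: reject.
UNCHECKABLE_SWITCHES = ("--proxy-pac-url", "--host-resolver-rules")

# Constructed name table so the example runs offline (assumption). Real code resolves
# through DNS, checks every returned address, and connects to the address it checked.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "localhost": ["127.0.0.1", "::1"],
}
Resolver = Callable[[str], List[str]]


def fake_resolve(host: str) -> List[str]:
    """Literal IPs resolve to themselves; names go through the constructed table."""
    try:
        return [str(ipaddress.ip_address(host.strip("[]")))]
    except ValueError:
        return FAKE_DNS.get(host.lower(), [])


def host_is_public(host: str, resolver: Resolver = fake_resolve) -> bool:
    """Fail closed: unresolvable hosts and any non-global address are rejected."""
    addrs = resolver(host)
    return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)


def destination_allowed(url: str, resolver: Resolver = fake_resolve) -> bool:
    """The crawl-URL check: http(s) only, host must resolve to public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return host_is_public(parts.hostname, resolver)


def proxy_endpoints(spec: str) -> List[str]:
    """Expand a proxy spec into host strings. Accepts 'http://h:p', 'socks5://h:p',
    bare 'h:p', and Chromium's per-scheme form 'http=h:p;https=h2:p2' (direct:// skipped)."""
    hosts = []
    for item in spec.replace(",", ";").split(";"):
        item = item.strip()
        if "=" in item.split("://", 1)[0]:          # 'scheme=proxy' mapping
            item = item.split("=", 1)[1].strip()
        if not item or item.lower() == "direct://":
            continue
        if "://" not in item:
            item = "http://" + item
        hosts.append(urlsplit(item).hostname or "")  # "" fails closed in host_is_public
    return hosts


def proxy_fields(body: dict) -> List[str]:
    """Every request field that can point Chromium at a proxy (field names from the advisory)."""
    bc = body.get("browser_config") or {}
    cc = body.get("crawler_config") or {}
    specs = [
        (bc.get("proxy_config") or {}).get("server"),
        bc.get("proxy"),                               # deprecated field, still honoured
        (cc.get("proxy_config") or {}).get("server"),
    ]
    specs += [a.split("=", 1)[1] for a in bc.get("extra_args") or []
              if a.startswith(PROXY_SWITCH + "=")]
    return [s for s in specs if s]


def uncheckable_switches(body: dict) -> List[str]:
    bc = body.get("browser_config") or {}
    return [a for a in bc.get("extra_args") or [] if a.split("=", 1)[0] in UNCHECKABLE_SWITCHES]


def request_allowed_vulnerable(body: dict, resolver: Resolver = fake_resolve) -> bool:
    """Pre-0.8.9 behaviour as the advisory describes it: only the crawl URL is checked."""
    return destination_allowed(body["url"], resolver)


def request_allowed_hardened(body: dict, resolver: Resolver = fake_resolve) -> bool:
    """Same destination check, applied to the crawl URL and to every proxy endpoint."""
    if not destination_allowed(body["url"], resolver) or uncheckable_switches(body):
        return False
    return all(host_is_public(h, resolver)
               for spec in proxy_fields(body) for h in proxy_endpoints(spec))


# Constructed requests: the crawl URL is valid in every case; only the proxy differs.
BENIGN = {"url": "https://example.com/",
          "browser_config": {"proxy_config": {"server": "http://93.184.216.34:3128"}}}
METADATA_VIA_PROXY = {"url": "http://example.com/",
                      "browser_config": {"proxy_config": {"server": "http://169.254.169.254:80"}}}
INTERNAL_VIA_FLAG = {"url": "https://example.com/",
                     "browser_config": {"extra_args": ["--proxy-server=socks5://10.0.0.5:1080"]}}
PAC_FLAG = {"url": "https://example.com/",
            "browser_config": {"extra_args": ["--proxy-pac-url=https://example.com/p.pac"]}}

if __name__ == "__main__":
    for name, body in [("benign", BENIGN), ("metadata-via-proxy", METADATA_VIA_PROXY),
                       ("internal-via-flag", INTERNAL_VIA_FLAG), ("pac-flag", PAC_FLAG)]:
        print(f"{name:20s} vulnerable={request_allowed_vulnerable(body)!s:5s} "
              f"hardened={request_allowed_hardened(body)}")
```

Running the block prints one verdict pair per request: the URL-only check passes the metadata and internal-proxy cases because `example.com` is a perfectly valid target, while the hardened check rejects them on the proxy address alone. Two design points carry over to any real fix: resolve hostnames and judge the addresses, not the literal, so `metadata.internal` is treated the same as `169.254.169.254`; and refuse the switches whose effect is only known at runtime rather than trying to parse PAC scripts or resolver rules. Because the Docker API is unauthenticated by default, the upgrade to 0.8.9 is best paired with network-level egress filtering from the browser container so a future bypass still cannot reach link-local or RFC 1918 space.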
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.