CVE-2026-53755
Status: Undergoing Analysis - In Progress
Server-Side Request Forgery in Crawl4AI Docker API

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through it, reaching internal services and cloud-metadata endpoints, while using a perfectly valid crawl URL. The Docker API is unauthenticated by default. /crawl, /crawl/stream, and /crawl/job accept a browser_config (and crawler_config). The following all feed Chromium's egress and were unchecked: browser_config.proxy_config.server, browser_config.proxy (deprecated field), crawler_config.proxy_config.server, and --proxy-server / --proxy-pac-url / --proxy-bypass-list / --host-resolver-rules flags in browser_config.extra_args. This vulnerability is fixed in 0.8.9.
Meta Information
Published: 2026-06-23
Last Modified: 2026-06-23
Generated: 2026-06-24
AI Q&A: 2026-06-23
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: unclecode
Product: crawl4ai
Version / Range: up to 0.8.9 (excluding)
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Quick Actions
Compliance Impact

The provided information does not specify how this SSRF vulnerability in Crawl4AI affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-53755 is a Server-Side Request Forgery (SSRF) vulnerability in Crawl4AI, an open-source web crawler and scraper. Before version 0.8.9, the Docker API server only checked the crawl target URL for SSRF attempts but did not check the proxy address used in requests. This allowed an unauthenticated attacker to supply a proxy pointing to internal IP addresses or cloud metadata endpoints, effectively routing the browser through this proxy and accessing internal services. The Docker API is unauthenticated by default, which increases the risk. Multiple proxy configuration fields and flags feeding Chromium's egress were unchecked, enabling this bypass.

Impact Analysis

This vulnerability can allow an unauthenticated attacker to access internal network services and sensitive cloud metadata endpoints by exploiting the unchecked proxy settings. This can lead to unauthorized access to internal resources, potentially exposing sensitive information or enabling further attacks within the internal network. Since the Docker API is unauthenticated by default, the risk is higher as attackers do not need credentials to exploit this issue.

Detection Guidance

Detection of this vulnerability involves monitoring for unauthenticated requests to the Crawl4AI Docker API server that include proxy configurations potentially pointing to internal IP addresses or cloud metadata endpoints.

Specifically, look for requests to the /crawl, /crawl/stream, or /crawl/job endpoints that contain browser_config.proxy_config.server, browser_config.proxy, crawler_config.proxy_config.server, or browser_config.extra_args with proxy-related flags such as --proxy-server, --proxy-pac-url, --proxy-bypass-list, or --host-resolver-rules.

Network monitoring tools or web server logs can be used to identify such requests.

Example commands to detect suspicious proxy usage might include:

  • Using grep on server logs to find proxy parameters: grep -E 'proxy_config|"proxy"|--proxy-(server|pac-url|bypass-list)|--host-resolver-rules' /path/to/access.log (a bare 'proxy' alternative would match every line containing the word, so the pattern names the specific fields and flags). Note that a standard access log records only the request line, not the JSON body where these fields live, so request-body logging at a reverse proxy or gateway in front of the API is needed for this to find anything.
  • Using curl or similar tools to test if the Docker API server accepts unauthenticated proxy configurations.
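As an added illustration of the detection logic described above (this is not code from the CVE record or from the Crawl4AI project): a Python check that walks a /crawl, /crawl/stream or /crawl/job request body for every proxy field and extra_args flag the advisory lists, and reports those that route Chromium's egress to a loopback, private or link-local address such as the 169.254.169.254 metadata endpoint. The sample body is constructed; field names follow the advisory, and hostnames are not resolved (see the comment in is_internal).

```python
import ipaddress
import json
from urllib.parse import urlsplit

# browser_config.extra_args flags the advisory lists as feeding Chromium's egress.
EGRESS_FLAGS = ("--proxy-server", "--proxy-pac-url",
                "--proxy-bypass-list", "--host-resolver-rules")

def host_of(value):
    """Host part of 'scheme://host:port', 'host:port' or a PAC URL (None if unparsable)."""
    if "://" not in value:
        value = "//" + value  # urlsplit needs a netloc marker to see the host
    return urlsplit(value).hostname

def is_internal(host):
    """True for loopback, private and link-local literals (169.254.169.254 included).
    Hostnames are not resolved here (offline); a production check must resolve them."""
    if host is None:
        return True  # unparsable destination: fail closed
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return host.lower() in ("localhost", "metadata.google.internal")

def proxy_settings(body):
    """Yield (field, value) for every proxy setting the advisory names as unchecked."""
    bc = body.get("browser_config") or {}
    cc = body.get("crawler_config") or {}
    yield from (("browser_config.proxy", bc.get("proxy")),
                ("browser_config.proxy_config.server", (bc.get("proxy_config") or {}).get("server")),
                ("crawler_config.proxy_config.server", (cc.get("proxy_config") or {}).get("server")))
    for arg in bc.get("extra_args") or []:
        if arg.split("=", 1)[0] in EGRESS_FLAGS:
            yield "browser_config.extra_args", arg

def check_request(raw_json):
    """Reasons to reject a /crawl* request body; empty list means no proxy SSRF indicator."""
    reasons = []
    for field, value in proxy_settings(json.loads(raw_json)):
        if not value:
            continue
        flag, _, target = value.partition("=") if field.endswith("extra_args") else ("", "", value)
        if flag in ("--proxy-bypass-list", "--host-resolver-rules"):
            reasons.append(f"{field}: {flag} rewrites name resolution or proxy bypass rules")
        elif is_internal(host_of(target)):
            reasons.append(f"{field}: {value!r} routes browser egress to an internal address")
    return reasons

# Constructed sample body, not captured traffic: valid crawl URL, proxy at the metadata endpoint.
SAMPLE = '{"urls": ["https://example.com"], "browser_config": {"proxy_config": {"server": "http://169.254.169.254:80"}}}'
```

The same check can run as a pre-filter in front of the API or over body-logged requests after the fact; upgrading to 0.8.9 remains the actual fix.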
Mitigation Strategies

The immediate mitigation step is to upgrade Crawl4AI to version 0.8.9 or later, where this SSRF vulnerability via proxy settings in the Docker server has been fixed.

Additionally, restrict access to the Docker API server to trusted users only, as it is unauthenticated by default.

Review and disable any proxy configurations in browser_config and crawler_config that could be exploited.

Implement network-level controls to block unauthorized internal IP access through proxy settings.
