CVE-2026-56261
Received Received - Intake

SSRF in Crawl4AI Docker API Server

Vulnerability report for CVE-2026-56261, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, or cloud metadata endpoints (e.g. 169.254.169.254), causing the server to make requests to internal services and potentially expose cloud metadata.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
unclecode crawl4ai to 0.8.7 (exc)
unclecode crawl4ai to 0.8.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-56261 is a Server-Side Request Forgery (SSRF) vulnerability found in Crawl4AI versions before 0.8.7. It affects the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without validating their destination.

An attacker can exploit this by supplying webhook URLs that point to private or internal IP ranges, Docker networks, or cloud metadata endpoints such as 169.254.169.254. This causes the server to make unauthorized requests to internal services, potentially exposing sensitive cloud metadata.

Compliance Impact

The SSRF vulnerability in Crawl4AI before version 0.8.7 allows attackers to make unauthorized requests to internal services and potentially expose sensitive cloud metadata. This exposure of sensitive internal information could lead to violations of data protection regulations such as GDPR and HIPAA, which require strict controls over access to and disclosure of personal and sensitive data.

By enabling attackers to access internal networks and cloud metadata endpoints, the vulnerability increases the risk of unauthorized data disclosure, which can compromise confidentiality requirements mandated by these standards.

Therefore, organizations using vulnerable versions of Crawl4AI may face compliance risks related to the confidentiality and security of protected data under regulations like GDPR and HIPAA until the vulnerability is remediated.

Impact Analysis

This vulnerability can have serious impacts by allowing attackers to make unauthorized requests from the server to internal or private network services.

  • Exposure of sensitive cloud metadata, which can lead to further attacks or data breaches.
  • Potential unauthorized access to internal services within private or Docker networks.
  • Compromise of confidentiality due to leakage of internal information.
Detection Guidance

The vulnerability involves the Docker API server's /crawl/job and /llm/job endpoints accepting webhook URLs without destination validation, allowing SSRF attacks. Detection can focus on monitoring requests to these endpoints and identifying webhook URLs pointing to private, internal IP ranges, Docker networks, or cloud metadata endpoints such as 169.254.169.254.

You can detect potential exploitation by inspecting network traffic or server logs for unusual outbound requests triggered by these endpoints.

  • Use network monitoring tools (e.g., tcpdump or Wireshark) to capture outgoing requests from the server to internal IP ranges or cloud metadata IPs.
  • Check server logs for requests to /crawl/job and /llm/job endpoints containing suspicious webhook URLs.
  • Example command to monitor outgoing requests to cloud metadata IP (169.254.169.254): sudo tcpdump -i any host 169.254.169.254
  • Example command to search logs for suspicious webhook URLs: grep -E '/crawl/job|/llm/job' /path/to/server/logs | grep -E 'http://(169\.254\.169\.254|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.)'
Mitigation Strategies

The primary mitigation step is to upgrade Crawl4AI to version 0.8.7 or later, where the vulnerability has been fixed by adding URL destination validation on the affected endpoints.

Until the upgrade can be applied, consider restricting access to the Docker API server endpoints /crawl/job and /llm/job to trusted users only.

Additionally, implement network-level controls to block outgoing requests from the server to internal IP ranges and cloud metadata IP addresses.

  • Upgrade Crawl4AI to version 0.8.7 or later.
  • Restrict access to the vulnerable endpoints (/crawl/job and /llm/job) via firewall or API authentication.
  • Block or monitor outgoing requests to internal IP ranges and cloud metadata IPs (e.g., 169.254.169.254) at the network level.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56261. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart