CVE-2026-57573
Received Received - Intake

SSRF in Crawl4AI Prior to 0.9.0

Vulnerability report for CVE-2026-57573, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handle_stream_crawl_request passed seed URLs straight to the crawler with no destination validation, allowing a remote unauthenticated client to call POST /crawl/stream or POST /crawl with crawler_config.stream=true with a URL pointing at an internal, private, or link-local address; the server fetched it and streamed the response body back. This issue is fixed in version 0.9.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Crawl4AI, an open-source web crawler and scraper. Before version 0.9.0, the Docker API server performed a Server-Side Request Forgery (SSRF) destination check only on the non-streaming /crawl path, but not on the streaming path. The function handle_stream_crawl_request allowed remote unauthenticated clients to send POST requests to /crawl/stream or /crawl with streaming enabled, passing URLs that pointed to internal, private, or link-local addresses without validation. As a result, the server would fetch and stream the response from these potentially sensitive internal addresses back to the attacker.

Impact Analysis

This vulnerability can allow a remote unauthenticated attacker to perform SSRF attacks by making the server fetch and stream data from internal or private network addresses. This can lead to unauthorized access to internal services or sensitive information that is not normally exposed externally. Since the attacker can cause the server to access internal resources, it may result in information disclosure or further exploitation within the internal network.

Mitigation Strategies

To mitigate this vulnerability, upgrade Crawl4AI to version 0.9.0 or later, where the issue is fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57573. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart