What happened
Crawl4AI before 0.8.7 contains an SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without validating the destination. An attacker can supply webhook URLs pointing to private/internal IP ranges, Docker networks, or cloud metadata services, causing the server to make requests on the attacker's behalf.
Why it matters
Crawl4AI is a widely-used LLM-friendly web crawler/scraper feeding RAG and agent pipelines; this SSRF in its Docker API job-webhook feature allows internal network reconnaissance and cloud-metadata credential theft from any deployment that exposes the Docker API server, extending a pattern of SSRF issues Crawl4AI has had across multiple endpoints.
Attack vector
Attacker-supplied webhook URL in /crawl/job or /llm/job requests targeting internal IP ranges or cloud metadata endpoints, triggering server-side requests
Affected systems
Crawl4AI Docker API server < 0.8.7
Mitigation
Upgrade to Crawl4AI ≥0.8.7 (secure-by-default Docker API release addressing RCE, SSRF, auth bypass, file write, XSS, hardcoded JWT secret)