Vulnerability  ·  2026-07-11

Crawl4AI Docker API — SSRF via Unvalidated Webhook URLs in /crawl/job and /llm/job (CVSS 8.6)

VulnerabilityHigh impactGlobalCVE-2026-56261
Crawl4AI before 0.8.7 contains an SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without validating the destination. An attacker can supply webhook URLs pointing to private/internal IP ranges, Docker networks, or cloud metadata services, causing the server to make requests on the attacker's behalf.
Crawl4AI is a widely-used LLM-friendly web crawler/scraper feeding RAG and agent pipelines; this SSRF in its Docker API job-webhook feature allows internal network reconnaissance and cloud-metadata credential theft from any deployment that exposes the Docker API server, extending a pattern of SSRF issues Crawl4AI has had across multiple endpoints.
Attacker-supplied webhook URL in /crawl/job or /llm/job requests targeting internal IP ranges or cloud metadata endpoints, triggering server-side requests
Crawl4AI Docker API server < 0.8.7
Upgrade to Crawl4AI ≥0.8.7 (secure-by-default Docker API release addressing RCE, SSRF, auth bypass, file write, XSS, hardcoded JWT secret)
PyPI Crawl4AI release notes
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →