What happened
Crawl4AI before 0.8.7
Why it matters
The /llm endpoint is specifically designed to produce LLM-ready output — meaning attackers can force Crawl4AI to scrape internal cloud metadata, IMDS credentials, and internal AI services, with the results returned in clean LLM-formatted output. The Docker API is unauthenticated by default, making this a zero-auth SSRF against AI data pipelines.
Attack path
Unauthenticated POST to /crawl, /crawl/stream, /md, or /llm with an IPv6-mapped IPv4 address (::ffff:169.254.169.254) that bypasses the blocklist and reaches cloud metadata or internal services.
Affected systems
Crawl4AI < 0.8.7
Mitigation
Upgrade to Crawl4AI 0.8.7. Source: https://github.com/unclecode/crawl4ai
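Beyond upgrading, the attack path above illustrates a general SSRF-filter pitfall: a blocklist that compares the literal address against IPv4 ranges never matches an IPv4-mapped IPv6 literal. The following is an added example, not Crawl4AI's code, showing a flawed check beside a hardened one that normalises IPv4-embedding IPv6 forms (IPv4-mapped and 6to4) before consulting the blocklist; the blocked ranges and the helper names are assumptions for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed blocklist an SSRF filter would typically deny: loopback,
# link-local (cloud metadata such as 169.254.169.254 lives here) and the
# RFC 1918 private ranges. Assumed for this example, not Crawl4AI's config.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("fe80::/10"),
]


def _parse(host: str):
    """Return an ip_address object, or None for hostnames (not handled here)."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def naive_is_blocked(host: str) -> bool:
    """Flawed check: tests the literal as given. ::ffff:169.254.169.254 is an
    IPv6 address, so it matches none of the IPv4 ranges and slips through."""
    addr = _parse(host)
    return addr is not None and any(addr in net for net in BLOCKED_NETWORKS)


def hardened_is_blocked(host: str) -> bool:
    """Unwrap IPv4-embedding IPv6 forms to the IPv4 address they carry, then
    apply the same blocklist. Covers ::ffff:a.b.c.d, ::ffff:xxxx:xxxx and 2002::/16."""
    addr = _parse(host)
    if addr is None:
        return False
    if isinstance(addr, ipaddress.IPv6Address):
        embedded = addr.ipv4_mapped or addr.sixtofour
        if embedded is not None:
            addr = embedded
    return any(addr in net for net in BLOCKED_NETWORKS)


def host_of(url: str) -> str:
    """Host component of a URL with IPv6 brackets stripped, as a filter sees it."""
    return urlsplit(url).hostname or ""
```

A production filter must also resolve hostnames and check every resolved address (and re-check at connect time, since DNS answers can change between the check and the request).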