GHSA-2JQ4-Q6VV-4CP3: Arbitrary File Write via Path Traversal in Crawl4AI Downloads
Vulnerability ID: GHSA-2JQ4-Q6VV-4CP3
CVSS Score: 9.6
Published: 2026-06-18
A critical Arbitrary File Write vulnerability exists in Crawl4AI versions 0.8.9 and below. By manipulating download filenames via Content-Disposition headers or suggested_filename values, attackers can write arbitrary files to any location on the file system, potentially leading to Remote Code Execution.
TL;DR
Crawl4AI <= 0.8.9 allows arbitrary file write and path traversal, potentially leading to RCE via unauthenticated /crawl endpoints or victim-initiated crawling.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-22, CWE-59
- Attack Vector: Network (AV:N)
- CVSS Score: 9.6 (Critical)
- Impact: Arbitrary File Write / Remote Code Execution
- Exploit Status: Proof-of-Concept
- KEV Status: Not Listed
Affected Systems
- Crawl4AI (Python package) <= 0.8.9
- crawl4ai: <= 0.8.9 (Fixed in: 0.9.0)
Code Analysis
Commit: 60886d1
Secure-by-default hardening rewrite to address directory traversal and unsafe downloads
Mitigation Strategies
- Upgrade the crawl4ai library to version 0.9.0 or higher.
- Restrict execution privileges by running the crawler process as a non-root user.
- Isolate the download directory to a dedicated, restricted volume.
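As an added example (not Crawl4AI's own code, and not the content of fix commit 60886d1), the following Python shows the check a defender would want around the two filename sources the advisory names: a Content-Disposition header and a suggested_filename value. It reduces the untrusted name to a single path component (CWE-22) and then verifies the resolved path still lies inside the download root, which also catches a symlink planted in that directory (CWE-59). All function names are this example's own, not the project's API.

```python
import re
import tempfile
from email.message import Message
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import Optional

# Added example, not Crawl4AI's own code: function names here are illustrative.
_SAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def filename_from_content_disposition(header: str) -> Optional[str]:
    """Parse the filename parameter out of a Content-Disposition header.

    email.message handles quoting and RFC 2231 (filename*=) encoding, so a
    percent-encoded "..%2F" is decoded here and then neutralised by
    sanitize_filename rather than slipping through to the file system.
    """
    msg = Message()
    msg["Content-Disposition"] = header
    return msg.get_filename() or None


def sanitize_filename(raw: str) -> str:
    """Reduce an untrusted name to one safe path component (CWE-22)."""
    # Keep only the final component under POSIX *and* Windows rules, so
    # "../../etc/passwd", "..\\..\\win.ini" and "C:evil" all lose their prefix.
    base = PureWindowsPath(PurePosixPath(raw).name).name
    # Replace NUL, control characters and anything outside a conservative
    # allow-list, then drop leading dots so "..", "." and hidden files cannot
    # be produced. Fall back to a fixed name instead of an empty string.
    base = _SAFE_CHARS.sub("_", base).lstrip(".")
    return base or "download"


def resolve_download_path(download_dir: str, raw_name: str) -> Path:
    """Return the absolute path a download may be written to, or raise.

    Even a single-component name can escape through a pre-existing symlink
    in the download directory (CWE-59), so the joined path is resolved and
    required to lie strictly inside the download root.
    """
    root = Path(download_dir).resolve()
    candidate = (root / sanitize_filename(raw_name)).resolve()
    if root not in candidate.parents:
        raise ValueError(f"refusing to write outside {root}: {candidate}")
    return candidate


def download_target(download_dir: str,
                    content_disposition: Optional[str] = None,
                    suggested_filename: Optional[str] = None) -> Path:
    """Pick the name from the advisory's two sources (header first) and confine it."""
    name = None
    if content_disposition:
        name = filename_from_content_disposition(content_disposition)
    if not name:
        name = suggested_filename or "download"
    return resolve_download_path(download_dir, name)


if __name__ == "__main__":
    # Constructed demo: a download root containing a symlink that points
    # outside it, which a bare join-and-write would follow.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "downloads"
        root.mkdir()
        outside = Path(tmp) / "outside"
        outside.mkdir()
        (root / "link").symlink_to(outside)

        print(download_target(str(root), 'attachment; filename="../../etc/passwd"'))
        print(download_target(str(root), suggested_filename="..\\..\\win.ini"))
        try:
            download_target(str(root), suggested_filename="link")
        except ValueError as exc:
            print("blocked:", exc)
```

The resolve-then-check step closes the symlink case at decision time only; to close the window between the check and the write, open the returned path with `os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW` so an existing file or link is refused rather than followed. The sanitiser deliberately discards directory structure from the server-supplied name, which is the right trade for a crawler: the download root, not the remote site, decides the layout on disk.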
Remediation Steps:
- Run 'pip install --upgrade crawl4ai' to deploy the latest patched release.
- Verify that the active deployment is running version 0.9.0 or later.
- Implement the CRAWL4AI_API_TOKEN environment variable in Docker containers to secure API endpoints.
References
- GitHub Security Advisory GHSA-2jq4-q6vv-4cp3
- GitHub Advisory Database Entry GHSA-2JQ4-Q6VV-4CP3
- Fix Commit in unclecode/crawl4ai
- Crawl4AI Repository