DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-wm69-2pc3-rmmf: Unauthenticated Server-Side Request Forgery in Crawl4AI Docker Streaming Crawl Path

Vulnerability ID: GHSA-WM69-2PC3-RMMF
CVSS Score: 8.6
Published: 2026-06-18

An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in the Crawl4AI Docker API server before version 0.9.0. The vulnerability exists because the streaming crawl endpoint (/crawl/stream) and the standard crawl endpoint with streaming enabled (/crawl with crawler_config.stream=true) bypass the validate_url_destination security filter. This allows remote, unauthenticated attackers to make arbitrary HTTP requests from the server to internal infrastructure, loopback interfaces, or cloud metadata endpoints such as those of AWS and GCP.

TL;DR

A bypass of SSRF validation on the streaming crawl endpoints in Crawl4AI Docker deployments allows unauthenticated remote attackers to query internal network services and cloud metadata endpoints.

⚠️ Exploit Status: Proof-of-Concept (PoC)

Technical Details

  • CWE ID: CWE-918
  • Attack Vector: Network (AV:N)
  • Attack Complexity: Low (AC:L)
  • Privileges Required: None (PR:N)
  • CVSS Score: 8.6 (High)
  • Exploit Status: Proof-of-Concept (PoC)
  • CISA KEV Status: Not Listed

Affected Systems

  • Crawl4AI Docker API Server
  • crawl4ai: < 0.9.0 (Fixed in: 0.9.0)

Exploit Details

  • GitHub Advisory: Vulnerability report highlighting the SSRF validation gap in handle_stream_crawl_request.

Mitigation Strategies

  • Upgrade crawl4ai package to 0.9.0 or higher.
  • Apply firewall egress filtering on the Docker container to block loopback and local networks.
  • Add an authentication layer (reverse proxy or API gateway) in front of the container.

Remediation Steps:

  1. Modify the project dependency files (requirements.txt or pyproject.toml) to specify crawl4ai >= 0.9.0.
  2. Rebuild and redeploy the Crawl4AI Docker container.
  3. Restrict outgoing network connections from the Docker runtime targeting the cloud metadata service IP 169.254.169.254 and RFC 1918 subnets.
  4. Verify the patch by sending a test request with a local destination IP to the /crawl/stream endpoint and verifying that it returns an HTTP 400 Bad Request error.
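The destination gate that the advisory says the streaming path skips, as an added example (my code, not Crawl4AI's own validate_url_destination): it resolves the host and rejects any URL whose scheme is not http(s) or whose addresses include loopback, link-local (which covers the 169.254.169.254 metadata address), RFC 1918 or other non-public ranges, so a hostname that mixes public and internal answers is refused as well. The FAKE_DNS table and its names and addresses are constructed so the code runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed DNS table so the example runs offline (names and addresses are
# illustrative); unknown names fall through to a real socket.getaddrinfo call.
FAKE_DNS = {
    "localhost": ["127.0.0.1", "::1"],
    "example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],  # mixed public/private answers
}

def resolve_host(host):
    """Return every address a host maps to; IP literals pass straight through."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def is_forbidden_address(ip):
    """True for loopback, link-local (169.254.169.254 included), RFC 1918 and
    other non-public ranges; IPv4-mapped IPv6 literals are unwrapped first."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def validate_url_destination(url, resolver=resolve_host):
    """Return (allowed, reason). Every resolved address must be public, so a
    name answering with one public and one internal address is rejected.
    Call this on every crawl path (/crawl and /crawl/stream alike)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme or '<none>'}"
    if not parts.hostname:
        return False, "missing host"
    try:
        addrs = resolver(parts.hostname)
    except OSError as exc:  # socket.gaierror is an OSError subclass
        return False, f"resolution failed: {exc}"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if is_forbidden_address(ip):
            return False, f"{parts.hostname} resolves to non-public {ip}"
    return True, "ok"
```

Resolving here and letting the crawler resolve again later leaves a DNS rebinding window, so pin the outbound connection to the address that was checked or repeat the check at connect time.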
