{"data":{"id":"c9d3a798-39a0-4ef9-b9c0-8ec987f2b685","title":"GHSA-365w-hqf6-vxfg: Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution","summary":"Crawl4AI, a Docker API server for web crawling, had seven critical security vulnerabilities including arbitrary file writes, SSRF (server-side request forgery, where attackers trick the server into making requests to internal networks), authentication bypass on monitoring endpoints, stored XSS (cross-site scripting, where malicious code executes in users' browsers), arbitrary JavaScript execution, a hardcoded JWT secret key, and SSRF via direct crawl endpoints. The vulnerabilities ranged from CVSS scores of 6.1 to 9.8, with fixes applied through input validation, blocklists for dangerous IP ranges, authentication requirements, HTML escaping, and environment variable controls.","solution":"Upgrade to the patched version (recommended). Additionally, set `CRAWL4AI_API_TOKEN` to enable authentication, set a strong `SECRET_KEY` with minimum 32 characters if using JWT, and restrict network access to the Docker API.\nThe fixes include: `validate_output_path()` restricting writes to `CRAWL4AI_OUTPUT_DIR`, `validate_webhook_url()` blocklisting RFC 1918/loopback/cloud metadata IPs, adding `dependencies=[Depends(token_dep)]` to the monitor router, server-side `html.escape()` and client-side `escapeHtml()` for XSS protection, disabling `/execute_js` by default via `CRAWL4AI_EXECUTE_JS_ENABLED` env var, removing the default JWT secret and auto-generating an ephemeral key, and normalizing IPv6-mapped IPv4 addresses before blocklist checking on all crawl/md/llm endpoints.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-365w-hqf6-vxfg","publishedAt":"2026-06-16T20:13:30.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["crawl4ai@<= 0.8.6 (fixed: 0.8.7)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Crawl4AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-16T20:13:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}