CVE-2024-56800: Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions pr
Summary
Firecrawl, a web scraper that extracts webpage content for large language models, had a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted requests to internal networks) in versions before 1.1.1 that could expose local network resources. The cloud service was patched on December 27th, 2024, and the open-source version was patched on December 29th, 2024, with no user data exposed.
Solution / Mitigation
All open-source Firecrawl users should upgrade to v1.1.1. For the unpatched playwright services, users should configure a secure proxy by setting the `PROXY_SERVER` environment variable and ensure the proxy is configured to block all traffic to link-local IP addresses (see documentation for setup instructions).
Vulnerability Details
7.4(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-56800
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 92%