GHSA-365w-hqf6-vxfg: Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
Summary
Crawl4AI, a Docker API server for web crawling, had seven critical security vulnerabilities: arbitrary file write, SSRF (server-side request forgery, where an attacker tricks the server into making requests to internal networks), authentication bypass on the monitoring endpoints, stored XSS (cross-site scripting, where injected script executes in users' browsers), arbitrary JavaScript execution, a hardcoded JWT secret key, and SSRF via the direct crawl endpoints. The vulnerabilities carry CVSS scores ranging from 6.1 to 9.8; the fixes apply input validation, blocklists for dangerous IP ranges, authentication requirements, HTML escaping, and environment-variable controls.
Solution / Mitigation
Upgrade to the patched version (recommended). Additionally, set `CRAWL4AI_API_TOKEN` to enable authentication, set a strong `SECRET_KEY` of at least 32 characters if JWT is used, and restrict network access to the Docker API. The fixes include: `validate_output_path()` restricting writes to `CRAWL4AI_OUTPUT_DIR`; `validate_webhook_url()` blocklisting RFC 1918, loopback and cloud metadata IPs; adding `dependencies=[Depends(token_dep)]` to the monitor router; server-side `html.escape()` and client-side `escapeHtml()` for XSS protection; disabling `/execute_js` by default via the `CRAWL4AI_EXECUTE_JS_ENABLED` environment variable; removing the default JWT secret and auto-generating an ephemeral key; and normalizing IPv6-mapped IPv4 addresses before the blocklist check on all crawl/md/llm endpoints.
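The blocklist and output-directory checks described above, as an added illustration rather than Crawl4AI's own code: `validate_webhook_url()` and `validate_output_path()` are the names the advisory uses, but these bodies and the hypothetical helpers `BLOCKED_NETWORKS`, `normalize_ip`, `is_blocked_ip` and `default_resolver` are this editor's assumptions. The resolver is injectable so the hostname path can be exercised offline; the IPv6-mapped case shows why normalization must happen before the IPv4 ranges are consulted.

```python
import ipaddress
import socket
from pathlib import Path
from typing import Callable, Iterable
from urllib.parse import urlparse

# Constructed blocklist: RFC 1918, loopback, link-local (incl. 169.254.169.254 metadata) and 0.0.0.0/8.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128",
    "169.254.0.0/16", "fe80::/10", "0.0.0.0/8")]

def normalize_ip(raw: str):
    """Parse an IP literal and unwrap IPv6-mapped IPv4 (::ffff:127.0.0.1 -> 127.0.0.1),
    so the IPv4 blocklist entries cannot be sidestepped with the IPv6 spelling."""
    addr = ipaddress.ip_address(raw)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr

def is_blocked_ip(raw: str) -> bool:
    return any(normalize_ip(raw) in net for net in BLOCKED_NETWORKS)

def default_resolver(host: str) -> list[str]:
    """Resolve a hostname to every A/AAAA address it has (needs network access)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def validate_webhook_url(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> bool:
    """True only for http(s) URLs whose every address lies outside the blocklist."""
    parsed = urlparse(url)
    host = parsed.hostname  # brackets around an IPv6 literal are already stripped
    if parsed.scheme not in ("http", "https") or not host:
        return False
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # IP literal: check it directly, no DNS involved
    except ValueError:
        try:
            addrs = list(resolver(host))
        except OSError:
            return False  # unresolvable name: reject rather than guess
    return bool(addrs) and not any(is_blocked_ip(a) for a in addrs)

def validate_output_path(requested: str, output_dir: str) -> Path:
    """Resolve a client-supplied path and refuse anything outside output_dir."""
    base = Path(output_dir).resolve()
    target = (base / requested).resolve()  # collapses ../ and follows symlinks
    if target != base and base not in target.parents:
        raise ValueError(f"path escapes output directory: {requested}")
    return target
```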
Original source: https://github.com/advisories/GHSA-365w-hqf6-vxfg
First tracked: June 16, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%