GHSA-4qqr-vv2q-cmr5: Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Summary
Crawl4AI's Docker API had a security flaw in its SSRF protection (a filter meant to block requests to internal servers). An attacker could bypass this filter by encoding internal IP addresses using IPv6 transition forms like NAT64, 6to4, or IPv4-mapped addresses, potentially accessing internal services and cloud metadata endpoints without needing credentials.
Solution / Mitigation
The blocklist is replaced by a single rule: reject any resolved IP where `not ip.is_global`, evaluated on the address AND every embedded IPv4 transition form (v4-mapped, NAT64 `64:ff9b::/96`, 6to4 `2002::/16`, v4-compat `::/96`). Error messages are now opaque and no longer echo the resolved IP. Alternatively, upgrade to the patched version, enable authentication via `CRAWL4AI_API_TOKEN`, or restrict the container's outbound network access through firewall rules.
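The rule above is easy to get wrong if the check is run only on the literal address, so here is an added example (not Crawl4AI's own code) of how a resolved-IP check can be written so that `is_global` is evaluated on the address itself and on every IPv4 address embedded in an IPv6 transition form. It uses only Python's standard `ipaddress` module; the function and class names are assumptions for this example. Beyond the four forms the advisory lists, it also unpacks Teredo (`2001::/32`), which `ipaddress` exposes directly. The rejection message is deliberately opaque and never echoes the address.

```python
import ipaddress
from typing import List, Union

IPAny = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# IPv6 prefixes that carry an IPv4 address inside them (the forms named in the advisory).
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")  # RFC 6052 well-known NAT64 prefix
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")    # RFC 3056 6to4
V4_COMPAT = ipaddress.ip_network("::/96")          # deprecated IPv4-compatible form


def embedded_ipv4(ip6: ipaddress.IPv6Address) -> List[ipaddress.IPv4Address]:
    """Return every IPv4 address recoverable from an IPv6 transition form."""
    found: List[ipaddress.IPv4Address] = []
    if ip6.ipv4_mapped is not None:             # ::ffff:a.b.c.d
        found.append(ip6.ipv4_mapped)
    if ip6.sixtofour is not None:               # 2002:AABB:CCDD:: -> AA.BB.CC.DD
        found.append(ip6.sixtofour)
    if ip6 in NAT64_WKP or ip6 in V4_COMPAT:    # IPv4 sits in the low 32 bits
        found.append(ipaddress.IPv4Address(int(ip6) & 0xFFFF_FFFF))
    if ip6.teredo is not None:                  # Teredo server and (de-obfuscated) client
        server, client = ip6.teredo
        found.extend([server, client])
    return found


def candidate_addresses(ip: IPAny) -> List[IPAny]:
    """The literal address plus anything embedded in it; all must pass the check."""
    cands: List[IPAny] = [ip]
    if isinstance(ip, ipaddress.IPv6Address):
        cands.extend(embedded_ipv4(ip))
    return cands


def is_allowed_destination(resolved_ip: str) -> bool:
    """Single rule: every candidate must be globally routable (not ip.is_global -> reject)."""
    ip = ipaddress.ip_address(resolved_ip)
    return all(c.is_global for c in candidate_addresses(ip))


class DestinationNotAllowed(ValueError):
    """Raised with a fixed message so the resolved IP is never echoed back to the caller."""


def check_destination(resolved_ip: str) -> None:
    if not is_allowed_destination(resolved_ip):
        raise DestinationNotAllowed("destination not allowed")


if __name__ == "__main__":
    # Constructed sample of resolved addresses a crawler back end might be handed.
    samples = [
        "8.8.8.8",                     # plain global IPv4
        "2606:4700:4700::1111",        # plain global IPv6
        "127.0.0.1",                   # loopback
        "::",                          # unspecified
        "::ffff:169.254.169.254",      # v4-mapped link-local (cloud metadata range)
        "64:ff9b::7f00:1",             # NAT64-wrapped 127.0.0.1
        "2002:a9fe:a9fe::",            # 6to4-wrapped 169.254.169.254
        "::7f00:1",                    # v4-compat-wrapped 127.0.0.1
    ]
    for s in samples:
        verdict = "allow" if is_allowed_destination(s) else "reject"
        print(f"{s:28} {verdict:6} embedded={[str(a) for a in embedded_ipv4(ipaddress.ip_address(s))] if ':' in s else []}")
```

Two points worth knowing when reusing this: `ipaddress` versions before 3.13 already treat the whole `::ffff:0:0/96` block as non-global, so a v4-mapped address is rejected on the outer address as well as the embedded one, while NAT64, 6to4 and v4-compat forms are only caught by unpacking the embedded IPv4, which is exactly why the advisory insists the rule be evaluated on every transition form. The check must also run on the resolved address (after DNS) rather than on the hostname, and the socket should connect to that same address to avoid a resolve-then-reconnect race.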
Vulnerability Details
EPSS: 0.0%
June 16, 2026
Original source: https://github.com/advisories/GHSA-4qqr-vv2q-cmr5
First tracked: June 16, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%