{"uuid": "076fde92-0794-4978-9945-40b72e7b9ace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-7cx2-g3h9-382p", "type": "seen", "source": "https://gist.github.com/alon710/d499538761d587fbb74d51e5882b31ec", "content": "# GHSA-7CX2-G3H9-382P: Multiple Vulnerabilities in Crawl4AI Docker API (Arbitrary File Write, SSRF, CRLF Log Injection)\n\n> **CVSS Score:** 8.1\n> **Published:** 2026-06-16\n> **Full Report:** https://cvereports.com/reports/GHSA-7CX2-G3H9-382P\n\n## Summary\nAn in-depth technical analysis of multiple security vulnerabilities in the self-hosted Docker API server of Crawl4AI up to version 0.8.7. These flaws include a critical arbitrary file write via symlink traversal and a TOCTOU weakness, CRLF log injection, webhook header injection, and SSRF filter gaps. They have been remediated in version 0.8.8.\n\n## TL;DR\nCrawl4AI <= 0.8.7 suffers from path traversal via symlink resolution bypasses, leading to arbitrary file write and potential RCE. It also lacks validation for log streams and webhook headers, allowing log manipulation and request smuggling. Version 0.8.8 addresses these issues.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-59 (Link Following), CWE-22 (Path Traversal)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Score**: 8.1 (High)\n- **EPSS Score**: N/A (GitHub Security Advisory)\n- **Impact**: Arbitrary File Write / Remote Code Execution\n- **Exploit Status**: poc\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Crawl4AI self-hosted Docker API server deployments <= 0.8.7\n- **crawl4ai**: <= 0.8.7 (Fixed in: `0.8.8`)\n\n## Mitigation\n\n- Upgrade Crawl4AI deployments to version 0.8.8 or later.\n- Run the container with a read-only root filesystem (`--read-only`).\n- Configure secure API tokens using the `CRAWL4AI_API_TOKEN` environment variable.\n- Restrict file permissions and implement non-root execution profiles for Docker runtimes.\n\n**Remediation Steps:**\n1. Run `pip install -U \"crawl4ai>=0.8.8\"` to patch Python-based environments (the quotes keep the shell from treating `>=` as a redirect).\n2. Rebuild Docker images from the latest base images containing the version 0.8.8 fixes.\n3. Enable token-based authentication on the crawl endpoints.\n4. Implement security filters on log handlers to prevent control character forwarding.\n\n## References\n\n- [GitHub Advisory Database Record](https://github.com/advisories/GHSA-7cx2-g3h9-382p)\n- [Fix Patch Commit (Crawl4AI)](https://github.com/unclecode/crawl4ai/commit/aa81e8fe7d940dde8e6eec4beca178a8d6e0eb72)\n- [Version 0.8.7 ... 0.8.8 Code Comparison](https://github.com/unclecode/crawl4ai/compare/v0.8.7...v0.8.8)\n- [Crawl4AI Official Issue Tracker](https://github.com/unclecode/crawl4ai/issues)\n- [Crawl4AI Pull Request Fix Reference](https://github.com/unclecode/crawl4ai/pull/3)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-7CX2-G3H9-382P) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-16T21:41:28.000000Z"}