<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-09T20:34:08.712622+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/352d5ed0-53ef-4ebd-8c57-f2aa30957df5/export</id>
    <title>352d5ed0-53ef-4ebd-8c57-f2aa30957df5</title>
    <updated>2026-07-09T20:34:08.719640+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "352d5ed0-53ef-4ebd-8c57-f2aa30957df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-WM69-2PC3-RMMF", "type": "seen", "source": "https://gist.github.com/alon710/828a99d5b9580f4196005661c9b07d2d", "content": "# GHSA-WM69-2PC3-RMMF: GHSA-wm69-2pc3-rmmf: Unauthenticated Server-Side Request Forgery in Crawl4AI Docker Streaming Crawl Path\n\n&amp;gt; **CVSS Score:** 8.6\n&amp;gt; **Published:** 2026-06-18\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-WM69-2PC3-RMMF\n\n## Summary\nAn unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in the Crawl4AI Docker API server before version 0.9.0. The vulnerability exists because the streaming crawl endpoint (/crawl/stream) and the standard crawl endpoint with streaming enabled (/crawl with crawler_config.stream=true) bypass the validate_url_destination security filter. This allows remote, unauthenticated attackers to execute arbitrary HTTP requests targeting internal infrastructure, loopback interfaces, or cloud metadata endpoints like AWS/GCP services.\n\n## TL;DR\nA bypass of SSRF validation on the streaming crawl endpoints in Crawl4AI Docker deployments allows unauthenticated remote attackers to query internal network services and cloud metadata endpoints.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-918\n- **Attack Vector**: Network (AV:N)\n- **Attack Complexity**: Low (AC:L)\n- **Privileges Required**: None (PR:N)\n- **CVSS Score**: 8.6 (High)\n- **Exploit Status**: Proof-of-Concept (PoC)\n- **CISA KEV Status**: Not Listed\n\n## Affected Systems\n\n- Crawl4AI Docker API Server\n- **crawl4ai**: &amp;lt; 0.9.0 (Fixed in: `0.9.0`)\n\n## Mitigation\n\n- Upgrade crawl4ai package to 0.9.0 or higher.\n- Apply firewall egress filtering on the Docker container to block loopback and local networks.\n- Add an authentication layer (reverse proxy or API gateway) in front of the container.\n\n**Remediation Steps:**\n1. Modify the project dependency files (requirements.txt or pyproject.toml) to specify crawl4ai &amp;gt;= 0.9.0.\n2. Rebuild and redeploy the Crawl4AI Docker container.\n3. Restrict outgoing network connections from the Docker runtime targeting the cloud metadata service IP 169.254.169.254 and RFC 1918 subnets.\n4. Verify the patch by sending a test request with a local destination IP to the /crawl/stream endpoint and verifying that it returns an HTTP 400 Bad Request error.\n\n## References\n\n- [GitHub Security Advisory GHSA-wm69-2pc3-rmmf](https://github.com/advisories/GHSA-wm69-2pc3-rmmf)\n- [Crawl4AI Github Repository](https://github.com/unclecode/crawl4ai)\n- [Crawl4AI API Entry point source code](https://github.com/unclecode/crawl4ai/blob/main/deploy/docker/api.py)\n- [Crawl4AI Docker validation utilities](https://github.com/unclecode/crawl4ai/blob/main/deploy/docker/utils.py)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-WM69-2PC3-RMMF) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-18T17:41:53.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/352d5ed0-53ef-4ebd-8c57-f2aa30957df5/export"/>
    <published>2026-06-18T17:41:53+00:00</published>
  </entry>
</feed>
