SSRF Vulnerability in Crawl4AI Web Crawler by Uncle Code
CVE-2026-53755

CVSS 8.6 HIGH

Key Information:

Vendor: Unclecode
Status: Vendor
CVE Published: 23 June 2026

What is CVE-2026-53755?

Crawl4AI, the open-source web crawler developed by Uncle Code, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.8.9. The flaw lets unauthenticated users control the proxy address used by the crawler, so that the crawler's outbound traffic can be routed through a proxy on an internal IP; this exposes internal services, bypasses network restrictions, and can reach sensitive cloud metadata endpoints. Several functions of the Docker API server are affected because the proxy configuration supplied by the caller was not validated. Users should upgrade to version 0.8.9, which adds those checks. For further details, refer to the security advisory on GitHub.
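The mitigation described above is validation of a caller-supplied proxy before the crawler honours it. The following is an added, illustrative validator written for this page; it is not Crawl4AI's own code or its actual fix. The allowed scheme set, the blocked address ranges, and the pluggable resolver are assumptions chosen for the example; the metadata address 169.254.169.254 falls inside the link-local range, so it is rejected without being listed individually.

```python
"""Proxy-URL validation of the kind a crawler can apply before using a
user-supplied proxy. Illustrative example, not the project's implementation."""
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Assumption: the deployment only permits these proxy schemes.
ALLOWED_SCHEMES = {"http", "https", "socks5"}

# Assumption: destinations a crawler must never be proxied through.
# Covers loopback, RFC 1918 private space, link-local (which includes the
# 169.254.169.254 cloud metadata address), CGNAT, and the unspecified address,
# for both IPv4 and IPv6.
BLOCKED_NETWORKS = [
    ipaddress.ip_network(n)
    for n in (
        "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
        "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
        "::/128", "::1/128", "fc00::/7", "fe80::/10",
    )
]

Resolver = Callable[[str], List[str]]


def default_resolver(host: str) -> List[str]:
    """Resolve a hostname to every A/AAAA address, so a DNS name cannot hide a private IP."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def is_blocked_ip(addr: str) -> bool:
    """True if the address lies in any blocked range; IPv4-mapped IPv6 is judged by its IPv4 part."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_proxy_url(proxy_url: str, resolver: Resolver = default_resolver) -> Tuple[bool, str]:
    """Return (accepted, reason). Rejects bad schemes, missing hosts, and hosts that are,
    or resolve to, a blocked address."""
    try:
        parts = urlsplit(proxy_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"malformed proxy URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"proxy scheme not allowed: {parts.scheme!r}"
    host = parts.hostname
    if not host:
        return False, "proxy URL has no host"
    if port is not None and not (1 <= port <= 65535):
        return False, f"proxy port out of range: {port}"

    # An IP literal is checked directly; a hostname is checked against every
    # address it resolves to, not just the first one returned.
    try:
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"proxy host {host!r} does not resolve: {exc}"
    if not addrs:
        return False, f"proxy host {host!r} does not resolve"
    for addr in addrs:
        if is_blocked_ip(addr):
            return False, f"proxy host {host!r} maps to blocked address {addr}"
    return True, "ok"


def validate_proxy_url(proxy_url: str, resolver: Resolver = default_resolver) -> str:
    """Raise ValueError for a rejected proxy, otherwise return it unchanged."""
    ok, reason = check_proxy_url(proxy_url, resolver)
    if not ok:
        raise ValueError(reason)
    return proxy_url


if __name__ == "__main__":
    # Constructed sample inputs; the stub resolver stands in for real DNS.
    stub = lambda host: {"proxy.example": ["203.0.113.10"], "internal.example": ["10.0.0.5"]}[host]
    for url in ("http://proxy.example:3128", "http://169.254.169.254", "http://internal.example:8080"):
        print(url, "->", check_proxy_url(url, stub))
```

The check resolves the name once, at validation time; a proxy that is later re-resolved at connection time could still be redirected (DNS rebinding), so a deployment that accepts hostnames should connect to the validated address rather than re-resolving, or re-run the check at connect time.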

Affected Version(s)

crawl4ai < 0.8.9

References

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved
