Stored Cross-Site Scripting Vulnerability in Crawl4AI Monitor Dashboard
CVE-2026-56263

5.3MEDIUM

Key Information:

Vendor

Crawl4ai

Status
Crawl4ai
Vendor
CVE Published:
23 June 2026

What is CVE-2026-56263?

Crawl4AI versions prior to 0.8.7 are vulnerable to a stored cross-site scripting (XSS) flaw within the monitor dashboard. This vulnerability allows attackers to inject malicious scripts through crafted crawl requests. When operators interact with the dashboard, the unescaped rendering of crawl URLs and error messages can lead to execution of harmful scripts in their browsers, potentially compromising sensitive information.

Affected Version(s)

Crawl4AI 0 < 0.8.7

Crawl4AI 0.8.7

References

https://github.com/unclecode/crawl4ai/security/advisories...
vendor-advisory
https://github.com/unclecode/crawl4ai
product
https://www.vulncheck.com/advisories/crawl4ai-stored-cros...
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.