Arbitrary File Write Vulnerability in Crawl4AI Web Crawler by Unclecode
CVE-2026-57571
9.6CRITICAL
What is CVE-2026-57571?
Crawl4AI, an open-source web crawler and scraper developed by Unclecode, before version 0.9.0 is susceptible to an arbitrary file write vulnerability. This issue arises when the crawler saves files downloaded from the web, allowing attackers to influence the destination filename used for these files. An attacker can provide a filename that bypasses normal directory confinement by using absolute paths or traversal sequences. Consequently, this can lead to unauthorized file writes within the server, potentially enabling remote code execution due to the attacker-controlled content in the written files. This vulnerability has been addressed in version 0.9.0.
Affected Version(s)
crawl4ai < 0.9.0
